Tor  0.4.7.0-alpha-dev
connection_edge.c
Go to the documentation of this file.
1 /* Copyright (c) 2001 Matej Pfajfar.
2  * Copyright (c) 2001-2004, Roger Dingledine.
3  * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson.
4  * Copyright (c) 2007-2021, The Tor Project, Inc. */
5 /* See LICENSE for licensing information */
6 
7 /**
8  * \file connection_edge.c
9  * \brief Handle edge streams.
10  *
11  * An edge_connection_t is a subtype of a connection_t, and represents two
12  * critical concepts in Tor: a stream, and an edge connection. From the Tor
13  * protocol's point of view, a stream is a bi-directional channel that is
14  * multiplexed on a single circuit. Each stream on a circuit is identified
15  * with a separate 16-bit stream ID, local to the (circuit,exit) pair.
16  * Streams are created in response to client requests.
17  *
18  * An edge connection is one thing that can implement a stream: it is either a
19  * TCP application socket that has arrived via (e.g.) a SOCKS request, or an
20  * exit connection.
21  *
22  * Not every instance of edge_connection_t truly represents an edge connection,
23  * however. (Sorry!) We also create edge_connection_t objects for streams that
24  * we will not be handling with TCP. The types of these streams are:
25  * <ul>
26  * <li>DNS lookup streams, created on the client side in response to
27  * a UDP DNS request received on a DNSPort, or a RESOLVE command
28  * on a controller.
29  * <li>DNS lookup streams, created on the exit side in response to
30  * a RELAY_RESOLVE cell from a client.
31  * <li>Tunneled directory streams, created on the directory cache side
32  * in response to a RELAY_BEGIN_DIR cell. These streams attach directly
33  * to a dir_connection_t object without ever using TCP.
34  * </ul>
35  *
36  * This module handles general-purpose functionality having to do with
37  * edge_connection_t. On the client side, it accepts various types of
38  * application requests on SocksPorts, TransPorts, and NATDPorts, and
39  * creates streams appropriately.
40  *
41  * This module is also responsible for implementing stream isolation:
42  * ensuring that streams that should not be linkable to one another are
43  * kept to different circuits.
44  *
45  * On the exit side, this module handles the various stream-creating
46  * type of RELAY cells by launching appropriate outgoing connections,
47  * DNS requests, or directory connection objects.
48  *
49  * And for all edge connections, this module is responsible for handling
50  * incoming and outdoing data as it arrives or leaves in the relay.c
51  * module. (Outgoing data will be packaged in
52  * connection_edge_process_inbuf() as it calls
53  * connection_edge_package_raw_inbuf(); incoming data from RELAY_DATA
54  * cells is applied in connection_edge_process_relay_cell().)
55  **/
56 #define CONNECTION_EDGE_PRIVATE
57 
58 #include "core/or/or.h"
59 
60 #include "lib/err/backtrace.h"
61 
62 #include "app/config/config.h"
64 #include "core/mainloop/mainloop.h"
66 #include "core/or/channel.h"
67 #include "core/or/circuitbuild.h"
68 #include "core/or/circuitlist.h"
69 #include "core/or/circuituse.h"
70 #include "core/or/circuitpadding.h"
72 #include "core/or/connection_or.h"
73 #include "core/or/extendinfo.h"
74 #include "core/or/policies.h"
75 #include "core/or/reasons.h"
76 #include "core/or/relay.h"
77 #include "core/or/sendme.h"
78 #include "core/proto/proto_http.h"
79 #include "core/proto/proto_socks.h"
81 #include "feature/client/circpathbias.h"
82 #include "feature/client/dnsserv.h"
87 #include "feature/hs/hs_cache.h"
88 #include "feature/hs/hs_circuit.h"
89 #include "feature/hs/hs_client.h"
90 #include "feature/hs/hs_common.h"
96 #include "feature/relay/dns.h"
97 #include "feature/relay/router.h"
101 #include "feature/stats/rephist.h"
102 #include "lib/buf/buffers.h"
104 
105 #include "core/or/cell_st.h"
109 #include "core/or/extend_info_st.h"
111 #include "core/or/or_circuit_st.h"
113 #include "core/or/half_edge_st.h"
116 
117 #ifdef HAVE_LINUX_TYPES_H
118 #include <linux/types.h>
119 #endif
120 #ifdef HAVE_LINUX_NETFILTER_IPV4_H
121 #include <linux/netfilter_ipv4.h>
122 #define TRANS_NETFILTER
123 #define TRANS_NETFILTER_IPV4
124 #endif
125 
126 #ifdef HAVE_LINUX_IF_H
127 #include <linux/if.h>
128 #endif
129 
130 #ifdef HAVE_LINUX_NETFILTER_IPV6_IP6_TABLES_H
131 #include <linux/netfilter_ipv6/ip6_tables.h>
132 #if defined(IP6T_SO_ORIGINAL_DST)
133 #define TRANS_NETFILTER
134 #define TRANS_NETFILTER_IPV6
135 #endif
136 #endif /* defined(HAVE_LINUX_NETFILTER_IPV6_IP6_TABLES_H) */
137 
138 #ifdef HAVE_FCNTL_H
139 #include <fcntl.h>
140 #endif
141 #ifdef HAVE_SYS_IOCTL_H
142 #include <sys/ioctl.h>
143 #endif
144 #ifdef HAVE_SYS_PARAM_H
145 #include <sys/param.h>
146 #endif
147 
148 #if defined(HAVE_NET_IF_H) && defined(HAVE_NET_PFVAR_H)
149 #include <net/if.h>
150 #include <net/pfvar.h>
151 #define TRANS_PF
152 #endif
153 
154 #ifdef IP_TRANSPARENT
155 #define TRANS_TPROXY
156 #endif
157 
158 #define SOCKS4_GRANTED 90
159 #define SOCKS4_REJECT 91
160 
163 static int connection_exit_connect_dir(edge_connection_t *exitconn);
164 static int consider_plaintext_ports(entry_connection_t *conn, uint16_t port);
166 static bool network_reentry_is_allowed(void);
167 
168 /**
169  * Cast a `connection_t *` to an `edge_connection_t *`.
170  *
171  * Exit with an assertion failure if the input is not an
172  * `edge_connection_t`.
173  **/
176 {
177  tor_assert(c->magic == EDGE_CONNECTION_MAGIC ||
178  c->magic == ENTRY_CONNECTION_MAGIC);
179  return DOWNCAST(edge_connection_t, c);
180 }
181 
182 /**
183  * Cast a `const connection_t *` to a `const edge_connection_t *`.
184  *
185  * Exit with an assertion failure if the input is not an
186  * `edge_connection_t`.
187  **/
188 const edge_connection_t *
190 {
191  return TO_EDGE_CONN((connection_t *)c);
192 }
193 
194 /**
195  * Cast a `connection_t *` to an `entry_connection_t *`.
196  *
197  * Exit with an assertion failure if the input is not an
198  * `entry_connection_t`.
199  **/
202 {
203  tor_assert(c->magic == ENTRY_CONNECTION_MAGIC);
204  return (entry_connection_t*) SUBTYPE_P(c, entry_connection_t, edge_.base_);
205 }
206 
207 /**
208  * Cast a `const connection_t *` to a `const entry_connection_t *`.
209  *
210  * Exit with an assertion failure if the input is not an
211  * `entry_connection_t`.
212  **/
213 const entry_connection_t *
215 {
216  return TO_ENTRY_CONN((connection_t*) c);
217 }
218 
219 /**
220  * Cast an `edge_connection_t *` to an `entry_connection_t *`.
221  *
222  * Exit with an assertion failure if the input is not an
223  * `entry_connection_t`.
224  **/
227 {
228  tor_assert(c->base_.magic == ENTRY_CONNECTION_MAGIC);
229  return (entry_connection_t*) SUBTYPE_P(c, entry_connection_t, edge_);
230 }
231 
232 /**
233  * Cast a `const edge_connection_t *` to a `const entry_connection_t *`.
234  *
235  * Exit with an assertion failure if the input is not an
236  * `entry_connection_t`.
237  **/
238 const entry_connection_t *
240 {
242 }
243 
244 /** An AP stream has failed/finished. If it hasn't already sent back
245  * a socks reply, send one now (based on endreason). Also set
246  * has_sent_end to 1, and mark the conn.
247  */
248 MOCK_IMPL(void,
250  int line, const char *file))
251 {
252  connection_t *base_conn = ENTRY_TO_CONN(conn);
253  tor_assert(base_conn->type == CONN_TYPE_AP);
254  ENTRY_TO_EDGE_CONN(conn)->edge_has_sent_end = 1; /* no circ yet */
255 
256  if (base_conn->marked_for_close) {
257  /* This call will warn as appropriate. */
258  connection_mark_for_close_(base_conn, line, file);
259  return;
260  }
261 
262  if (!conn->socks_request->has_finished) {
264  log_warn(LD_BUG,
265  "stream (marked at %s:%d) sending two socks replies?",
266  file, line);
267 
268  if (SOCKS_COMMAND_IS_CONNECT(conn->socks_request->command))
269  connection_ap_handshake_socks_reply(conn, NULL, 0, endreason);
270  else if (SOCKS_COMMAND_IS_RESOLVE(conn->socks_request->command))
272  RESOLVED_TYPE_ERROR_TRANSIENT,
273  0, NULL, -1, -1);
274  else /* unknown or no handshake at all. send no response. */
275  conn->socks_request->has_finished = 1;
276  }
277 
278  connection_mark_and_flush_(base_conn, line, file);
279 
280  ENTRY_TO_EDGE_CONN(conn)->end_reason = endreason;
281 }
282 
283 /** There was an EOF. Send an end and mark the connection for close.
284  */
285 int
287 {
288  if (connection_get_inbuf_len(TO_CONN(conn)) &&
290  /* it still has stuff to process. don't let it die yet. */
291  return 0;
292  }
293  log_info(LD_EDGE,"conn (fd "TOR_SOCKET_T_FORMAT") reached eof. Closing.",
294  conn->base_.s);
295  if (!conn->base_.marked_for_close) {
296  /* only mark it if not already marked. it's possible to
297  * get the 'end' right around when the client hangs up on us. */
298  connection_edge_end(conn, END_STREAM_REASON_DONE);
299  if (conn->base_.type == CONN_TYPE_AP) {
300  /* eof, so don't send a socks reply back */
301  if (EDGE_TO_ENTRY_CONN(conn)->socks_request)
303  }
304  connection_mark_for_close(TO_CONN(conn));
305  }
306  return 0;
307 }
308 
309 /** Handle new bytes on conn->inbuf based on state:
310  * - If it's waiting for socks info, try to read another step of the
311  * socks handshake out of conn->inbuf.
312  * - If it's waiting for the original destination, fetch it.
313  * - If it's open, then package more relay cells from the stream.
314  * - Else, leave the bytes on inbuf alone for now.
315  *
316  * Mark and return -1 if there was an unexpected error with the conn,
317  * else return 0.
318  */
319 int
321 {
322  tor_assert(conn);
323 
324  switch (conn->base_.state) {
327  /* already marked */
328  return -1;
329  }
330  return 0;
333  /* already marked */
334  return -1;
335  }
336  return 0;
339  return -1;
340  }
341  return 0;
342  case AP_CONN_STATE_OPEN:
343  if (! conn->base_.linked) {
345  }
346 
347  FALLTHROUGH;
349  if (connection_edge_package_raw_inbuf(conn, package_partial, NULL) < 0) {
350  /* (We already sent an end cell if possible) */
351  connection_mark_for_close(TO_CONN(conn));
352  return -1;
353  }
354  return 0;
357  log_info(LD_EDGE,
358  "data from edge while in '%s' state. Sending it anyway. "
359  "package_partial=%d, buflen=%ld",
360  conn_state_to_string(conn->base_.type, conn->base_.state),
361  package_partial,
362  (long)connection_get_inbuf_len(TO_CONN(conn)));
363  if (connection_edge_package_raw_inbuf(conn, package_partial, NULL)<0) {
364  /* (We already sent an end cell if possible) */
365  connection_mark_for_close(TO_CONN(conn));
366  return -1;
367  }
368  return 0;
369  }
370  /* Fall through if the connection is on a circuit without optimistic
371  * data support. */
372  FALLTHROUGH;
378  log_info(LD_EDGE,
379  "data from edge while in '%s' state. Leaving it on buffer.",
380  conn_state_to_string(conn->base_.type, conn->base_.state));
381  return 0;
382  }
383  log_warn(LD_BUG,"Got unexpected state %d. Closing.",conn->base_.state);
385  connection_edge_end(conn, END_STREAM_REASON_INTERNAL);
386  connection_mark_for_close(TO_CONN(conn));
387  return -1;
388 }
389 
390 /** This edge needs to be closed, because its circuit has closed.
391  * Mark it for close and return 0.
392  */
393 int
395 {
396  if (!conn->base_.marked_for_close) {
397  log_info(LD_EDGE, "CircID %u: At an edge. Marking connection for close.",
398  (unsigned) circ_id);
399  if (conn->base_.type == CONN_TYPE_AP) {
400  entry_connection_t *entry_conn = EDGE_TO_ENTRY_CONN(conn);
401  connection_mark_unattached_ap(entry_conn, END_STREAM_REASON_DESTROY);
403  control_event_stream_status(entry_conn, STREAM_EVENT_CLOSED,
404  END_STREAM_REASON_DESTROY);
406  } else {
407  /* closing the circuit, nothing to send an END to */
408  conn->edge_has_sent_end = 1;
409  conn->end_reason = END_STREAM_REASON_DESTROY;
411  connection_mark_and_flush(TO_CONN(conn));
412  }
413  }
414  conn->cpath_layer = NULL;
415  conn->on_circuit = NULL;
416  return 0;
417 }
418 
419 /** Send a raw end cell to the stream with ID <b>stream_id</b> out over the
420  * <b>circ</b> towards the hop identified with <b>cpath_layer</b>. If this
421  * is not a client connection, set the relay end cell's reason for closing
422  * as <b>reason</b> */
423 static int
425  uint8_t reason, crypt_path_t *cpath_layer)
426 {
427  char payload[1];
428 
429  if (CIRCUIT_PURPOSE_IS_CLIENT(circ->purpose)) {
430  /* Never send the server an informative reason code; it doesn't need to
431  * know why the client stream is failing. */
432  reason = END_STREAM_REASON_MISC;
433  }
434 
435  payload[0] = (char) reason;
436 
437  /* Note: we have to use relay_send_command_from_edge here, not
438  * connection_edge_end or connection_edge_send_command, since those require
439  * that we have a stream connected to a circuit, and we don't connect to a
440  * circuit until we have a pending/successful resolve. */
441  return relay_send_command_from_edge(stream_id, circ, RELAY_COMMAND_END,
442  payload, 1, cpath_layer);
443 }
444 
445 /* If the connection <b>conn</b> is attempting to connect to an external
446  * destination that is an hidden service and the reason is a connection
447  * refused or timeout, log it so the operator can take appropriate actions.
448  * The log statement is a rate limited warning. */
449 static void
450 warn_if_hs_unreachable(const edge_connection_t *conn, uint8_t reason)
451 {
452  tor_assert(conn);
453 
454  if (conn->base_.type == CONN_TYPE_EXIT &&
456  (reason == END_STREAM_REASON_CONNECTREFUSED ||
457  reason == END_STREAM_REASON_TIMEOUT)) {
458 #define WARN_FAILED_HS_CONNECTION 300
459  static ratelim_t warn_limit = RATELIM_INIT(WARN_FAILED_HS_CONNECTION);
460  char *m;
461  if ((m = rate_limit_log(&warn_limit, approx_time()))) {
462  log_warn(LD_EDGE, "Onion service connection to %s failed (%s)",
465  tor_free(m);
466  }
467  }
468 }
469 
470 /** Given a TTL (in seconds) from a DNS response or from a relay, determine
471  * what TTL clients and relays should actually use for caching it. */
472 uint32_t
473 clip_dns_ttl(uint32_t ttl)
474 {
475  /* This logic is a defense against "DefectTor" DNS-based traffic
476  * confirmation attacks, as in https://nymity.ch/tor-dns/tor-dns.pdf .
477  * We only give two values: a "low" value and a "high" value.
478  */
479  if (ttl < MIN_DNS_TTL)
480  return MIN_DNS_TTL;
481  else
482  return MAX_DNS_TTL;
483 }
484 
485 /** Send a relay end cell from stream <b>conn</b> down conn's circuit, and
486  * remember that we've done so. If this is not a client connection, set the
487  * relay end cell's reason for closing as <b>reason</b>.
488  *
489  * Return -1 if this function has already been called on this conn,
490  * else return 0.
491  */
492 int
494 {
495  char payload[RELAY_PAYLOAD_SIZE];
496  size_t payload_len=1;
497  circuit_t *circ;
498  uint8_t control_reason = reason;
499 
500  if (conn->edge_has_sent_end) {
501  log_warn(LD_BUG,"(Harmless.) Calling connection_edge_end (reason %d) "
502  "on an already ended stream?", reason);
504  return -1;
505  }
506 
507  if (conn->base_.marked_for_close) {
508  log_warn(LD_BUG,
509  "called on conn that's already marked for close at %s:%d.",
510  conn->base_.marked_for_close_file, conn->base_.marked_for_close);
511  return 0;
512  }
513 
514  circ = circuit_get_by_edge_conn(conn);
515  if (circ && CIRCUIT_PURPOSE_IS_CLIENT(circ->purpose)) {
516  /* If this is a client circuit, don't send the server an informative
517  * reason code; it doesn't need to know why the client stream is
518  * failing. */
519  reason = END_STREAM_REASON_MISC;
520  }
521 
522  payload[0] = (char)reason;
523  if (reason == END_STREAM_REASON_EXITPOLICY &&
525  int addrlen;
526  if (tor_addr_family(&conn->base_.addr) == AF_INET) {
527  set_uint32(payload+1, tor_addr_to_ipv4n(&conn->base_.addr));
528  addrlen = 4;
529  } else {
530  memcpy(payload+1, tor_addr_to_in6_addr8(&conn->base_.addr), 16);
531  addrlen = 16;
532  }
533  set_uint32(payload+1+addrlen, htonl(clip_dns_ttl(conn->address_ttl)));
534  payload_len += 4+addrlen;
535  }
536 
537  if (circ && !circ->marked_for_close) {
538  log_debug(LD_EDGE,"Sending end on conn (fd "TOR_SOCKET_T_FORMAT").",
539  conn->base_.s);
540 
541  if (CIRCUIT_IS_ORIGIN(circ)) {
542  origin_circuit_t *origin_circ = TO_ORIGIN_CIRCUIT(circ);
543  connection_half_edge_add(conn, origin_circ);
544  }
545 
546  connection_edge_send_command(conn, RELAY_COMMAND_END,
547  payload, payload_len);
548  /* We'll log warn if the connection was an hidden service and couldn't be
549  * made because the service wasn't available. */
550  warn_if_hs_unreachable(conn, control_reason);
551  } else {
552  log_debug(LD_EDGE,"No circ to send end on conn "
553  "(fd "TOR_SOCKET_T_FORMAT").",
554  conn->base_.s);
555  }
556 
557  conn->edge_has_sent_end = 1;
558  conn->end_reason = control_reason;
559  return 0;
560 }
561 
562 /**
563  * Helper function for bsearch.
564  *
565  * As per smartlist_bsearch, return < 0 if key precedes member,
566  * > 0 if member precedes key, and 0 if they are equal.
567  *
568  * This is equivalent to subtraction of the values of key - member
569  * (why does no one ever say that explicitly?).
570  */
571 static int
572 connection_half_edge_compare_bsearch(const void *key, const void **member)
573 {
574  const half_edge_t *e2;
575  tor_assert(key);
576  tor_assert(member && *(half_edge_t**)member);
577  e2 = *(const half_edge_t **)member;
578 
579  return *(const streamid_t*)key - e2->stream_id;
580 }
581 
582 /** Total number of half_edge_t objects allocated */
583 static size_t n_half_conns_allocated = 0;
584 
585 /**
586  * Add a half-closed connection to the list, to watch for activity.
587  *
588  * These connections are removed from the list upon receiving an end
589  * cell.
590  */
591 STATIC void
593  origin_circuit_t *circ)
594 {
595  half_edge_t *half_conn = NULL;
596  int insert_at = 0;
597  int ignored;
598 
599  /* Double-check for re-insertion. This should not happen,
600  * but this check is cheap compared to the sort anyway */
602  conn->stream_id)) {
603  log_warn(LD_BUG, "Duplicate stream close for stream %d on circuit %d",
604  conn->stream_id, circ->global_identifier);
605  return;
606  }
607 
608  half_conn = tor_malloc_zero(sizeof(half_edge_t));
610 
611  if (!circ->half_streams) {
612  circ->half_streams = smartlist_new();
613  }
614 
615  half_conn->stream_id = conn->stream_id;
616 
617  // How many sendme's should I expect?
618  half_conn->sendmes_pending =
620 
621  // Is there a connected cell pending?
622  half_conn->connected_pending = conn->base_.state ==
624 
625  /* Data should only arrive if we're not waiting on a resolved cell.
626  * It can arrive after waiting on connected, because of optimistic
627  * data. */
628  if (conn->base_.state != AP_CONN_STATE_RESOLVE_WAIT) {
629  // How many more data cells can arrive on this id?
630  half_conn->data_pending = conn->deliver_window;
631  }
632 
633  insert_at = smartlist_bsearch_idx(circ->half_streams, &half_conn->stream_id,
635  &ignored);
636  smartlist_insert(circ->half_streams, insert_at, half_conn);
637 }
638 
639 /** Release space held by <b>he</b> */
640 void
642 {
643  if (!he)
644  return;
646  tor_free(he);
647 }
648 
649 /** Return the number of bytes devoted to storing info on half-open streams. */
650 size_t
652 {
653  return n_half_conns_allocated * sizeof(half_edge_t);
654 }
655 
656 /**
657  * Find a stream_id_t in the list in O(lg(n)).
658  *
659  * Returns NULL if the list is empty or element is not found.
660  * Returns a pointer to the element if found.
661  */
664  streamid_t stream_id)
665 {
666  if (!half_conns)
667  return NULL;
668 
669  return smartlist_bsearch(half_conns, &stream_id,
671 }
672 
673 /**
674  * Check if this stream_id is in a half-closed state. If so,
675  * check if it still has data cells pending, and decrement that
676  * window if so.
677  *
678  * Return 1 if the data window was not empty.
679  * Return 0 otherwise.
680  */
681 int
683  streamid_t stream_id)
684 {
686  stream_id);
687 
688  if (!half)
689  return 0;
690 
691  if (half->data_pending > 0) {
692  half->data_pending--;
693  return 1;
694  }
695 
696  return 0;
697 }
698 
699 /**
700  * Check if this stream_id is in a half-closed state. If so,
701  * check if it still has a connected cell pending, and decrement
702  * that window if so.
703  *
704  * Return 1 if the connected window was not empty.
705  * Return 0 otherwise.
706  */
707 int
709  streamid_t stream_id)
710 {
712  stream_id);
713 
714  if (!half)
715  return 0;
716 
717  if (half->connected_pending) {
718  half->connected_pending = 0;
719  return 1;
720  }
721 
722  return 0;
723 }
724 
725 /**
726  * Check if this stream_id is in a half-closed state. If so,
727  * check if it still has sendme cells pending, and decrement that
728  * window if so.
729  *
730  * Return 1 if the sendme window was not empty.
731  * Return 0 otherwise.
732  */
733 int
735  streamid_t stream_id)
736 {
738  stream_id);
739 
740  if (!half)
741  return 0;
742 
743  if (half->sendmes_pending > 0) {
744  half->sendmes_pending--;
745  return 1;
746  }
747 
748  return 0;
749 }
750 
751 /**
752  * Check if this stream_id is in a half-closed state. If so, remove
753  * it from the list. No other data should come after the END cell.
754  *
755  * Return 1 if stream_id was in half-closed state.
756  * Return 0 otherwise.
757  */
758 int
760  streamid_t stream_id)
761 {
762  half_edge_t *half;
763  int found, remove_idx;
764 
765  if (!half_conns)
766  return 0;
767 
768  remove_idx = smartlist_bsearch_idx(half_conns, &stream_id,
770  &found);
771  if (!found)
772  return 0;
773 
774  half = smartlist_get(half_conns, remove_idx);
775  smartlist_del_keeporder(half_conns, remove_idx);
776  half_edge_free(half);
777  return 1;
778 }
779 
780 /**
781  * Streams that were used to send a RESOLVE cell are closed
782  * when they get the RESOLVED, without an end. So treat
783  * a RESOLVED just like an end, and remove from the list.
784  */
785 int
787  streamid_t stream_id)
788 {
789  return connection_half_edge_is_valid_end(half_conns, stream_id);
790 }
791 
792 /** An error has just occurred on an operation on an edge connection
793  * <b>conn</b>. Extract the errno; convert it to an end reason, and send an
794  * appropriate relay end cell to the other end of the connection's circuit.
795  **/
796 int
798 {
799  uint8_t reason;
800  tor_assert(conn);
801  reason = errno_to_stream_end_reason(tor_socket_errno(conn->base_.s));
802  return connection_edge_end(conn, reason);
803 }
804 
805 /** We just wrote some data to <b>conn</b>; act appropriately.
806  *
807  * (That is, if it's open, consider sending a stream-level sendme cell if we
808  * have just flushed enough.)
809  */
810 int
812 {
813  switch (conn->base_.state) {
814  case AP_CONN_STATE_OPEN:
815  if (! conn->base_.linked) {
817  }
818 
819  FALLTHROUGH;
822  break;
823  }
824  return 0;
825 }
826 
827 /** Connection <b>conn</b> has finished writing and has no bytes left on
828  * its outbuf.
829  *
830  * If it's in state 'open', stop writing, consider responding with a
831  * sendme, and return.
832  * Otherwise, stop writing and return.
833  *
834  * If <b>conn</b> is broken, mark it for close and return -1, else
835  * return 0.
836  */
837 int
839 {
840  tor_assert(conn);
841 
842  switch (conn->base_.state) {
843  case AP_CONN_STATE_OPEN:
846  return 0;
855  return 0;
856  default:
857  log_warn(LD_BUG, "Called in unexpected state %d.",conn->base_.state);
859  return -1;
860  }
861  return 0;
862 }
863 
864 /** Longest size for the relay payload of a RELAY_CONNECTED cell that we're
865  * able to generate. */
866 /* 4 zero bytes; 1 type byte; 16 byte IPv6 address; 4 byte TTL. */
867 #define MAX_CONNECTED_CELL_PAYLOAD_LEN 25
868 
869 /** Set the buffer at <b>payload_out</b> -- which must have at least
870  * MAX_CONNECTED_CELL_PAYLOAD_LEN bytes available -- to the body of a
871  * RELAY_CONNECTED cell indicating that we have connected to <b>addr</b>, and
872  * that the name resolution that led us to <b>addr</b> will be valid for
873  * <b>ttl</b> seconds. Return -1 on error, or the number of bytes used on
874  * success. */
875 STATIC int
876 connected_cell_format_payload(uint8_t *payload_out,
877  const tor_addr_t *addr,
878  uint32_t ttl)
879 {
880  const sa_family_t family = tor_addr_family(addr);
881  int connected_payload_len;
882 
883  /* should be needless */
884  memset(payload_out, 0, MAX_CONNECTED_CELL_PAYLOAD_LEN);
885 
886  if (family == AF_INET) {
887  set_uint32(payload_out, tor_addr_to_ipv4n(addr));
888  connected_payload_len = 4;
889  } else if (family == AF_INET6) {
890  set_uint32(payload_out, 0);
891  set_uint8(payload_out + 4, 6);
892  memcpy(payload_out + 5, tor_addr_to_in6_addr8(addr), 16);
893  connected_payload_len = 21;
894  } else {
895  return -1;
896  }
897 
898  set_uint32(payload_out + connected_payload_len, htonl(clip_dns_ttl(ttl)));
899  connected_payload_len += 4;
900 
901  tor_assert(connected_payload_len <= MAX_CONNECTED_CELL_PAYLOAD_LEN);
902 
903  return connected_payload_len;
904 }
905 
906 /* This is an onion service client connection: Export the client circuit ID
907  * according to the HAProxy proxy protocol. */
908 STATIC void
909 export_hs_client_circuit_id(edge_connection_t *edge_conn,
910  hs_circuit_id_protocol_t protocol)
911 {
912  /* We only support HAProxy right now. */
913  if (protocol != HS_CIRCUIT_ID_PROTOCOL_HAPROXY)
914  return;
915 
916  char *buf = NULL;
917  const char dst_ipv6[] = "::1";
918  /* See RFC4193 regarding fc00::/7 */
919  const char src_ipv6_prefix[] = "fc00:dead:beef:4dad:";
920  uint16_t dst_port = 0;
921  uint16_t src_port = 1; /* default value */
922  uint32_t gid = 0; /* default value */
923 
924  /* Generate a GID and source port for this client */
925  if (edge_conn->on_circuit != NULL) {
927  src_port = gid & 0x0000ffff;
928  }
929 
930  /* Grab the original dest port from the hs ident */
931  if (edge_conn->hs_ident) {
932  dst_port = edge_conn->hs_ident->orig_virtual_port;
933  }
934 
935  /* Build the string */
936  tor_asprintf(&buf, "PROXY TCP6 %s:%x:%x %s %d %d\r\n",
937  src_ipv6_prefix,
938  gid >> 16, gid & 0x0000ffff,
939  dst_ipv6, src_port, dst_port);
940 
941  connection_buf_add(buf, strlen(buf), TO_CONN(edge_conn));
942 
943  tor_free(buf);
944 }
945 
946 /** Connected handler for exit connections: start writing pending
947  * data, deliver 'CONNECTED' relay cells as appropriate, and check
948  * any pending data that may have been received. */
949 int
951 {
952  connection_t *conn;
953 
954  tor_assert(edge_conn);
955  tor_assert(edge_conn->base_.type == CONN_TYPE_EXIT);
956  conn = TO_CONN(edge_conn);
958 
959  log_info(LD_EXIT,"%s established.",
960  connection_describe(conn));
961 
963 
964  conn->state = EXIT_CONN_STATE_OPEN;
965 
966  connection_watch_events(conn, READ_EVENT); /* stop writing, keep reading */
967  if (connection_get_outbuf_len(conn)) /* in case there are any queued relay
968  * cells */
970  /* deliver a 'connected' relay cell back through the circuit. */
971  if (connection_edge_is_rendezvous_stream(edge_conn)) {
972  if (connection_edge_send_command(edge_conn,
973  RELAY_COMMAND_CONNECTED, NULL, 0) < 0)
974  return 0; /* circuit is closed, don't continue */
975  } else {
976  uint8_t connected_payload[MAX_CONNECTED_CELL_PAYLOAD_LEN];
977  int connected_payload_len =
978  connected_cell_format_payload(connected_payload, &conn->addr,
979  edge_conn->address_ttl);
980  if (connected_payload_len < 0)
981  return -1;
982 
983  if (connection_edge_send_command(edge_conn,
984  RELAY_COMMAND_CONNECTED,
985  (char*)connected_payload, connected_payload_len) < 0)
986  return 0; /* circuit is closed, don't continue */
987  }
988  tor_assert(edge_conn->package_window > 0);
989  /* in case the server has written anything */
990  return connection_edge_process_inbuf(edge_conn, 1);
991 }
992 
993 /** A list of all the entry_connection_t * objects that are not marked
994  * for close, and are in AP_CONN_STATE_CIRCUIT_WAIT.
995  *
996  * (Right now, we check in several places to make sure that this list is
997  * correct. When it's incorrect, we'll fix it, and log a BUG message.)
998  */
1000 
1001 static int untried_pending_connections = 0;
1002 
1003 /**
1004  * Mainloop event to tell us to scan for pending connections that can
1005  * be attached.
1006  */
1008 
1009 /** Common code to connection_(ap|exit)_about_to_close. */
1010 static void
1012 {
1013  if (!edge_conn->edge_has_sent_end) {
1014  connection_t *conn = TO_CONN(edge_conn);
1015  log_warn(LD_BUG, "(Harmless.) Edge connection (marked at %s:%d) "
1016  "hasn't sent end yet?",
1019  }
1020 }
1021 
1022 /** Called when we're about to finally unlink and free an AP (client)
1023  * connection: perform necessary accounting and cleanup */
1024 void
1026 {
1027  circuit_t *circ;
1028  edge_connection_t *edge_conn = ENTRY_TO_EDGE_CONN(entry_conn);
1029  connection_t *conn = ENTRY_TO_CONN(entry_conn);
1030 
1031  connection_edge_about_to_close(edge_conn);
1032 
1033  if (entry_conn->socks_request->has_finished == 0) {
1034  /* since conn gets removed right after this function finishes,
1035  * there's no point trying to send back a reply at this point. */
1036  log_warn(LD_BUG,"Closing stream (marked at %s:%d) without sending"
1037  " back a socks reply.",
1039  }
1040  if (!edge_conn->end_reason) {
1041  log_warn(LD_BUG,"Closing stream (marked at %s:%d) without having"
1042  " set end_reason.",
1044  }
1045  if (entry_conn->dns_server_request) {
1046  log_warn(LD_BUG,"Closing stream (marked at %s:%d) without having"
1047  " replied to DNS request.",
1049  dnsserv_reject_request(entry_conn);
1050  }
1051 
1052  if (TO_CONN(edge_conn)->state == AP_CONN_STATE_CIRCUIT_WAIT) {
1054  }
1055 
1056 #if 1
1057  /* Check to make sure that this isn't in pending_entry_connections if it
1058  * didn't actually belong there. */
1059  if (TO_CONN(edge_conn)->type == CONN_TYPE_AP) {
1060  connection_ap_warn_and_unmark_if_pending_circ(entry_conn,
1061  "about_to_close");
1062  }
1063 #endif /* 1 */
1064 
1065  control_event_stream_bandwidth(edge_conn);
1066  control_event_stream_status(entry_conn, STREAM_EVENT_CLOSED,
1067  edge_conn->end_reason);
1068  circ = circuit_get_by_edge_conn(edge_conn);
1069  if (circ)
1070  circuit_detach_stream(circ, edge_conn);
1071 }
1072 
1073 /** Called when we're about to finally unlink and free an exit
1074  * connection: perform necessary accounting and cleanup */
1075 void
1077 {
1078  circuit_t *circ;
1079  connection_t *conn = TO_CONN(edge_conn);
1080 
1081  connection_edge_about_to_close(edge_conn);
1082 
1083  circ = circuit_get_by_edge_conn(edge_conn);
1084  if (circ)
1085  circuit_detach_stream(circ, edge_conn);
1086  if (conn->state == EXIT_CONN_STATE_RESOLVING) {
1087  connection_dns_remove(edge_conn);
1088  }
1089 }
1090 
1091 /** Define a schedule for how long to wait between retrying
1092  * application connections. Rather than waiting a fixed amount of
1093  * time between each retry, we wait 10 seconds each for the first
1094  * two tries, and 15 seconds for each retry after
1095  * that. Hopefully this will improve the expected user experience. */
1096 static int
1098 {
1100  if (timeout) /* if our config options override the default, use them */
1101  return timeout;
1102  if (conn->num_socks_retries < 2) /* try 0 and try 1 */
1103  return 10;
1104  return 15;
1105 }
1106 
1107 /** Find all general-purpose AP streams waiting for a response that sent their
1108  * begin/resolve cell too long ago. Detach from their current circuit, and
1109  * mark their current circuit as unsuitable for new streams. Then call
1110  * connection_ap_handshake_attach_circuit() to attach to a new circuit (if
1111  * available) or launch a new one.
1112  *
1113  * For rendezvous streams, simply give up after SocksTimeout seconds (with no
1114  * retry attempt).
1115  */
1116 void
1118 {
1119  edge_connection_t *conn;
1120  entry_connection_t *entry_conn;
1121  circuit_t *circ;
1122  time_t now = time(NULL);
1123  const or_options_t *options = get_options();
1124  int severity;
1125  int cutoff;
1126  int seconds_idle, seconds_since_born;
1127  smartlist_t *conns = get_connection_array();
1128 
1129  SMARTLIST_FOREACH_BEGIN(conns, connection_t *, base_conn) {
1130  if (base_conn->type != CONN_TYPE_AP || base_conn->marked_for_close)
1131  continue;
1132  entry_conn = TO_ENTRY_CONN(base_conn);
1133  conn = ENTRY_TO_EDGE_CONN(entry_conn);
1134  /* if it's an internal linked connection, don't yell its status. */
1135  severity = (tor_addr_is_null(&base_conn->addr) && !base_conn->port)
1136  ? LOG_INFO : LOG_NOTICE;
1137  seconds_idle = (int)( now - base_conn->timestamp_last_read_allowed );
1138  seconds_since_born = (int)( now - base_conn->timestamp_created );
1139 
1140  if (base_conn->state == AP_CONN_STATE_OPEN)
1141  continue;
1142 
1143  /* We already consider SocksTimeout in
1144  * connection_ap_handshake_attach_circuit(), but we need to consider
1145  * it here too because controllers that put streams in controller_wait
1146  * state never ask Tor to attach the circuit. */
1147  if (AP_CONN_STATE_IS_UNATTACHED(base_conn->state)) {
1148  if (seconds_since_born >= options->SocksTimeout) {
1149  log_fn(severity, LD_APP,
1150  "Tried for %d seconds to get a connection to %s:%d. "
1151  "Giving up. (%s)",
1152  seconds_since_born,
1153  safe_str_client(entry_conn->socks_request->address),
1154  entry_conn->socks_request->port,
1155  conn_state_to_string(CONN_TYPE_AP, base_conn->state));
1156  connection_mark_unattached_ap(entry_conn, END_STREAM_REASON_TIMEOUT);
1157  }
1158  continue;
1159  }
1160 
1161  /* We're in state connect_wait or resolve_wait now -- waiting for a
1162  * reply to our relay cell. See if we want to retry/give up. */
1163 
1164  cutoff = compute_retry_timeout(entry_conn);
1165  if (seconds_idle < cutoff)
1166  continue;
1167  circ = circuit_get_by_edge_conn(conn);
1168  if (!circ) { /* it's vanished? */
1169  log_info(LD_APP,"Conn is waiting (address %s), but lost its circ.",
1170  safe_str_client(entry_conn->socks_request->address));
1171  connection_mark_unattached_ap(entry_conn, END_STREAM_REASON_TIMEOUT);
1172  continue;
1173  }
1174  if (circ->purpose == CIRCUIT_PURPOSE_C_REND_JOINED) {
1175  if (seconds_idle >= options->SocksTimeout) {
1176  log_fn(severity, LD_REND,
1177  "Rend stream is %d seconds late. Giving up on address"
1178  " '%s.onion'.",
1179  seconds_idle,
1180  safe_str_client(entry_conn->socks_request->address));
1181  /* Roll back path bias use state so that we probe the circuit
1182  * if nothing else succeeds on it */
1184 
1185  connection_edge_end(conn, END_STREAM_REASON_TIMEOUT);
1186  connection_mark_unattached_ap(entry_conn, END_STREAM_REASON_TIMEOUT);
1187  }
1188  continue;
1189  }
1190 
1191  if (circ->purpose != CIRCUIT_PURPOSE_C_GENERAL &&
1197  log_warn(LD_BUG, "circuit->purpose == CIRCUIT_PURPOSE_C_GENERAL failed. "
1198  "The purpose on the circuit was %s; it was in state %s, "
1199  "path_state %s.",
1202  CIRCUIT_IS_ORIGIN(circ) ?
1203  pathbias_state_to_string(TO_ORIGIN_CIRCUIT(circ)->path_state) :
1204  "none");
1205  }
1206  log_fn(cutoff < 15 ? LOG_INFO : severity, LD_APP,
1207  "We tried for %d seconds to connect to '%s' using exit %s."
1208  " Retrying on a new circuit.",
1209  seconds_idle,
1210  safe_str_client(entry_conn->socks_request->address),
1211  conn->cpath_layer ?
1213  "*unnamed*");
1214  /* send an end down the circuit */
1215  connection_edge_end(conn, END_STREAM_REASON_TIMEOUT);
1216  /* un-mark it as ending, since we're going to reuse it */
1217  conn->edge_has_sent_end = 0;
1218  conn->end_reason = 0;
1219  /* make us not try this circuit again, but allow
1220  * current streams on it to survive if they can */
1222 
1223  /* give our stream another 'cutoff' seconds to try */
1224  conn->base_.timestamp_last_read_allowed += cutoff;
1225  if (entry_conn->num_socks_retries < 250) /* avoid overflow */
1226  entry_conn->num_socks_retries++;
1227  /* move it back into 'pending' state, and try to attach. */
1228  if (connection_ap_detach_retriable(entry_conn, TO_ORIGIN_CIRCUIT(circ),
1229  END_STREAM_REASON_TIMEOUT)<0) {
1230  if (!base_conn->marked_for_close)
1231  connection_mark_unattached_ap(entry_conn,
1233  }
1234  } SMARTLIST_FOREACH_END(base_conn);
1235 }
1236 
1237 /**
1238  * As connection_ap_attach_pending, but first scans the entire connection
1239  * array to see if any elements are missing.
1240  */
1241 void
1243 {
1244  entry_connection_t *entry_conn;
1245  smartlist_t *conns = get_connection_array();
1246 
1247  if (PREDICT_UNLIKELY(NULL == pending_entry_connections))
1249 
1250  SMARTLIST_FOREACH_BEGIN(conns, connection_t *, conn) {
1251  if (conn->marked_for_close ||
1252  conn->type != CONN_TYPE_AP ||
1253  conn->state != AP_CONN_STATE_CIRCUIT_WAIT)
1254  continue;
1255 
1256  entry_conn = TO_ENTRY_CONN(conn);
1257  tor_assert(entry_conn);
1258  if (! smartlist_contains(pending_entry_connections, entry_conn)) {
1259  log_warn(LD_BUG, "Found a connection %p that was supposed to be "
1260  "in pending_entry_connections, but wasn't. No worries; "
1261  "adding it.",
1263  untried_pending_connections = 1;
1264  connection_ap_mark_as_pending_circuit(entry_conn);
1265  }
1266 
1267  } SMARTLIST_FOREACH_END(conn);
1268 
1270 }
1271 
1272 #ifdef DEBUGGING_17659
1273 #define UNMARK() do { \
1274  entry_conn->marked_pending_circ_line = 0; \
1275  entry_conn->marked_pending_circ_file = 0; \
1276  } while (0)
1277 #else /* !defined(DEBUGGING_17659) */
1278 #define UNMARK() do { } while (0)
1279 #endif /* defined(DEBUGGING_17659) */
1280 
1281 /** Tell any AP streams that are listed as waiting for a new circuit to try
1282  * again. If there is an available circuit for a stream, attach it. Otherwise,
1283  * launch a new circuit.
1284  *
1285  * If <b>retry</b> is false, only check the list if it contains at least one
1286  * streams that we have not yet tried to attach to a circuit.
1287  */
1288 void
1290 {
1291  if (PREDICT_UNLIKELY(!pending_entry_connections)) {
1292  return;
1293  }
1294 
1295  if (untried_pending_connections == 0 && !retry)
1296  return;
1297 
1298  /* Don't allow any modifications to list while we are iterating over
1299  * it. We'll put streams back on this list if we can't attach them
1300  * immediately. */
1303 
1304  SMARTLIST_FOREACH_BEGIN(pending,
1305  entry_connection_t *, entry_conn) {
1306  connection_t *conn = ENTRY_TO_CONN(entry_conn);
1307  tor_assert(conn && entry_conn);
1308  if (conn->marked_for_close) {
1309  UNMARK();
1310  continue;
1311  }
1312  if (conn->magic != ENTRY_CONNECTION_MAGIC) {
1313  log_warn(LD_BUG, "%p has impossible magic value %u.",
1314  entry_conn, (unsigned)conn->magic);
1315  UNMARK();
1316  continue;
1317  }
1318  if (conn->state != AP_CONN_STATE_CIRCUIT_WAIT) {
1319  log_warn(LD_BUG, "%p is no longer in circuit_wait. Its current state "
1320  "is %s. Why is it on pending_entry_connections?",
1321  entry_conn,
1322  conn_state_to_string(conn->type, conn->state));
1323  UNMARK();
1324  continue;
1325  }
1326 
1327  /* Okay, we're through the sanity checks. Try to handle this stream. */
1328  if (connection_ap_handshake_attach_circuit(entry_conn) < 0) {
1329  if (!conn->marked_for_close)
1330  connection_mark_unattached_ap(entry_conn,
1332  }
1333 
1334  if (! conn->marked_for_close &&
1335  conn->type == CONN_TYPE_AP &&
1336  conn->state == AP_CONN_STATE_CIRCUIT_WAIT) {
1337  /* Is it still waiting for a circuit? If so, we didn't attach it,
1338  * so it's still pending. Put it back on the list.
1339  */
1340  if (!smartlist_contains(pending_entry_connections, entry_conn)) {
1342  continue;
1343  }
1344  }
1345 
1346  /* If we got here, then we either closed the connection, or
1347  * we attached it. */
1348  UNMARK();
1349  } SMARTLIST_FOREACH_END(entry_conn);
1350 
1351  smartlist_free(pending);
1352  untried_pending_connections = 0;
1353 }
1354 
1355 static void
1356 attach_pending_entry_connections_cb(mainloop_event_t *ev, void *arg)
1357 {
1358  (void)ev;
1359  (void)arg;
1361 }
1362 
1363 /** Mark <b>entry_conn</b> as needing to get attached to a circuit.
1364  *
1365  * And <b>entry_conn</b> must be in AP_CONN_STATE_CIRCUIT_WAIT,
1366  * should not already be pending a circuit. The circuit will get
1367  * launched or the connection will get attached the next time we
1368  * call connection_ap_attach_pending().
1369  */
1370 void
1372  const char *fname, int lineno)
1373 {
1374  connection_t *conn = ENTRY_TO_CONN(entry_conn);
1376  tor_assert(conn->magic == ENTRY_CONNECTION_MAGIC);
1377  if (conn->marked_for_close)
1378  return;
1379 
1380  if (PREDICT_UNLIKELY(NULL == pending_entry_connections)) {
1382  }
1383  if (PREDICT_UNLIKELY(NULL == attach_pending_entry_connections_ev)) {
1385  attach_pending_entry_connections_cb, NULL);
1386  }
1387  if (PREDICT_UNLIKELY(smartlist_contains(pending_entry_connections,
1388  entry_conn))) {
1389  log_warn(LD_BUG, "What?? pending_entry_connections already contains %p! "
1390  "(Called from %s:%d.)",
1391  entry_conn, fname, lineno);
1392 #ifdef DEBUGGING_17659
1393  const char *f2 = entry_conn->marked_pending_circ_file;
1394  log_warn(LD_BUG, "(Previously called from %s:%d.)\n",
1395  f2 ? f2 : "<NULL>",
1396  entry_conn->marked_pending_circ_line);
1397 #endif /* defined(DEBUGGING_17659) */
1398  log_backtrace(LOG_WARN, LD_BUG, "To debug, this may help");
1399  return;
1400  }
1401 
1402 #ifdef DEBUGGING_17659
1403  entry_conn->marked_pending_circ_line = (uint16_t) lineno;
1404  entry_conn->marked_pending_circ_file = fname;
1405 #endif
1406 
1407  untried_pending_connections = 1;
1409 
1411 }
1412 
1413 /** Mark <b>entry_conn</b> as no longer waiting for a circuit. */
1414 void
1416 {
1417  if (PREDICT_UNLIKELY(NULL == pending_entry_connections))
1418  return;
1419  UNMARK();
1421 }
1422 
1423 /** Mark <b>entry_conn</b> as waiting for a rendezvous descriptor. This
1424  * function will remove the entry connection from the waiting for a circuit
1425  * list (pending_entry_connections).
1426  *
1427  * This pattern is used across the code base because a connection in state
1428  * AP_CONN_STATE_RENDDESC_WAIT must not be in the pending list. */
1429 void
1431 {
1432  tor_assert(entry_conn);
1433 
1435  ENTRY_TO_CONN(entry_conn)->state = AP_CONN_STATE_RENDDESC_WAIT;
1436 }
1437 
1438 /* DOCDOC */
1439 void
1440 connection_ap_warn_and_unmark_if_pending_circ(entry_connection_t *entry_conn,
1441  const char *where)
1442 {
1445  log_warn(LD_BUG, "What was %p doing in pending_entry_connections in %s?",
1446  entry_conn, where);
1448  }
1449 }
1450 
1451 /** Tell any AP streams that are waiting for a one-hop tunnel to
1452  * <b>failed_digest</b> that they are going to fail. */
1453 /* XXXX We should get rid of this function, and instead attach
1454  * one-hop streams to circ->p_streams so they get marked in
1455  * circuit_mark_for_close like normal p_streams. */
1456 void
1457 connection_ap_fail_onehop(const char *failed_digest,
1458  cpath_build_state_t *build_state)
1459 {
1460  entry_connection_t *entry_conn;
1461  char digest[DIGEST_LEN];
1462  smartlist_t *conns = get_connection_array();
1463  SMARTLIST_FOREACH_BEGIN(conns, connection_t *, conn) {
1464  if (conn->marked_for_close ||
1465  conn->type != CONN_TYPE_AP ||
1466  conn->state != AP_CONN_STATE_CIRCUIT_WAIT)
1467  continue;
1468  entry_conn = TO_ENTRY_CONN(conn);
1469  if (!entry_conn->want_onehop)
1470  continue;
1471  if (hexdigest_to_digest(entry_conn->chosen_exit_name, digest) < 0 ||
1472  tor_memneq(digest, failed_digest, DIGEST_LEN))
1473  continue;
1474  if (tor_digest_is_zero(digest)) {
1475  /* we don't know the digest; have to compare addr:port */
1476  tor_addr_t addr;
1477  if (!build_state || !build_state->chosen_exit ||
1478  !entry_conn->socks_request) {
1479  continue;
1480  }
1481  if (tor_addr_parse(&addr, entry_conn->socks_request->address)<0 ||
1482  !extend_info_has_orport(build_state->chosen_exit, &addr,
1483  entry_conn->socks_request->port))
1484  continue;
1485  }
1486  log_info(LD_APP, "Closing one-hop stream to '%s/%s' because the OR conn "
1487  "just failed.", entry_conn->chosen_exit_name,
1488  entry_conn->socks_request->address);
1489  connection_mark_unattached_ap(entry_conn, END_STREAM_REASON_TIMEOUT);
1490  } SMARTLIST_FOREACH_END(conn);
1491 }
1492 
1493 /** A circuit failed to finish on its last hop <b>info</b>. If there
1494  * are any streams waiting with this exit node in mind, but they
1495  * don't absolutely require it, make them give up on it.
1496  */
1497 void
1499 {
1500  entry_connection_t *entry_conn;
1501  const node_t *r1, *r2;
1502 
1503  smartlist_t *conns = get_connection_array();
1504  SMARTLIST_FOREACH_BEGIN(conns, connection_t *, conn) {
1505  if (conn->marked_for_close ||
1506  conn->type != CONN_TYPE_AP ||
1507  conn->state != AP_CONN_STATE_CIRCUIT_WAIT)
1508  continue;
1509  entry_conn = TO_ENTRY_CONN(conn);
1510  if (!entry_conn->chosen_exit_optional &&
1511  !entry_conn->chosen_exit_retries)
1512  continue;
1513  r1 = node_get_by_nickname(entry_conn->chosen_exit_name,
1514  NNF_NO_WARN_UNNAMED);
1515  r2 = node_get_by_id(info->identity_digest);
1516  if (!r1 || !r2 || r1 != r2)
1517  continue;
1518  tor_assert(entry_conn->socks_request);
1519  if (entry_conn->chosen_exit_optional) {
1520  log_info(LD_APP, "Giving up on enclave exit '%s' for destination %s.",
1521  safe_str_client(entry_conn->chosen_exit_name),
1523  entry_conn->chosen_exit_optional = 0;
1524  tor_free(entry_conn->chosen_exit_name); /* clears it */
1525  /* if this port is dangerous, warn or reject it now that we don't
1526  * think it'll be using an enclave. */
1527  consider_plaintext_ports(entry_conn, entry_conn->socks_request->port);
1528  }
1529  if (entry_conn->chosen_exit_retries) {
1530  if (--entry_conn->chosen_exit_retries == 0) { /* give up! */
1532  tor_free(entry_conn->chosen_exit_name); /* clears it */
1533  /* if this port is dangerous, warn or reject it now that we don't
1534  * think it'll be using an enclave. */
1535  consider_plaintext_ports(entry_conn, entry_conn->socks_request->port);
1536  }
1537  }
1538  } SMARTLIST_FOREACH_END(conn);
1539 }
1540 
1541 /** Set the connection state to CONTROLLER_WAIT and send an control port event.
1542  */
1543 void
1545 {
1546  CONNECTION_AP_EXPECT_NONPENDING(conn);
1548  control_event_stream_status(conn, STREAM_EVENT_CONTROLLER_WAIT, 0);
1549 }
1550 
1551 /** The AP connection <b>conn</b> has just failed while attaching or
1552  * sending a BEGIN or resolving on <b>circ</b>, but another circuit
1553  * might work. Detach the circuit, and either reattach it, launch a
1554  * new circuit, tell the controller, or give up as appropriate.
1555  *
1556  * Returns -1 on err, 1 on success, 0 on not-yet-sure.
1557  */
1558 int
1560  origin_circuit_t *circ,
1561  int reason)
1562 {
1563  control_event_stream_status(conn, STREAM_EVENT_FAILED_RETRIABLE, reason);
1564  ENTRY_TO_CONN(conn)->timestamp_last_read_allowed = time(NULL);
1565 
1566  /* Roll back path bias use state so that we probe the circuit
1567  * if nothing else succeeds on it */
1569 
1570  if (conn->pending_optimistic_data) {
1571  buf_set_to_copy(&conn->sending_optimistic_data,
1572  conn->pending_optimistic_data);
1573  }
1574 
1575  if (!get_options()->LeaveStreamsUnattached || conn->use_begindir) {
1576  /* If we're attaching streams ourself, or if this connection is
1577  * a tunneled directory connection, then just attach it. */
1580  connection_ap_mark_as_pending_circuit(conn);
1581  } else {
1584  }
1585  return 0;
1586 }
1587 
1588 /** Check if <b>conn</b> is using a dangerous port. Then warn and/or
1589  * reject depending on our config options. */
1590 static int
1592 {
1593  const or_options_t *options = get_options();
1594  int reject = smartlist_contains_int_as_string(
1595  options->RejectPlaintextPorts, port);
1596 
1598  log_warn(LD_APP, "Application request to port %d: this port is "
1599  "commonly used for unencrypted protocols. Please make sure "
1600  "you don't send anything you would mind the rest of the "
1601  "Internet reading!%s", port, reject ? " Closing." : "");
1602  control_event_client_status(LOG_WARN, "DANGEROUS_PORT PORT=%d RESULT=%s",
1603  port, reject ? "REJECT" : "WARN");
1604  }
1605 
1606  if (reject) {
1607  log_info(LD_APP, "Port %d listed in RejectPlaintextPorts. Closing.", port);
1608  connection_mark_unattached_ap(conn, END_STREAM_REASON_ENTRYPOLICY);
1609  return -1;
1610  }
1611 
1612  return 0;
1613 }
1614 
1615 /** Return true iff <b>query</b> is a syntactically valid service ID (as
1616  * generated by rend_get_service_id). */
1617 static int
1618 rend_valid_v2_service_id(const char *query)
1619 {
1620  /** Length of 'y' portion of 'y.onion' URL. */
1621 #define REND_SERVICE_ID_LEN_BASE32 16
1622 
1623  if (strlen(query) != REND_SERVICE_ID_LEN_BASE32)
1624  return 0;
1625 
1626  if (strspn(query, BASE32_CHARS) != REND_SERVICE_ID_LEN_BASE32)
1627  return 0;
1628 
1629  return 1;
1630 }
1631 
1632 /** Parse the given hostname in address. Returns true if the parsing was
1633  * successful and type_out contains the type of the hostname. Else, false is
1634  * returned which means it was not recognized and type_out is set to
1635  * BAD_HOSTNAME.
1636  *
1637  * The possible recognized forms are (where true is returned):
1638  *
1639  * If address is of the form "y.onion" with a well-formed handle y:
1640  * Put a NUL after y, lower-case it, and return ONION_V3_HOSTNAME
1641  * depending on the HS version.
1642  *
1643  * If address is of the form "x.y.onion" with a well-formed handle x:
1644  * Drop "x.", put a NUL after y, lower-case it, and return
1645  * ONION_V3_HOSTNAME depending on the HS version.
1646  *
1647  * If address is of the form "y.onion" with a badly-formed handle y:
1648  * Return BAD_HOSTNAME and log a message.
1649  *
1650  * If address is of the form "y.exit":
1651  * Put a NUL after y and return EXIT_HOSTNAME.
1652  *
1653  * Otherwise:
1654  * Return NORMAL_HOSTNAME and change nothing.
1655  */
1656 STATIC bool
1657 parse_extended_hostname(char *address, hostname_type_t *type_out)
1658 {
1659  char *s;
1660  char *q;
1661  char query[HS_SERVICE_ADDR_LEN_BASE32+1];
1662 
1663  s = strrchr(address,'.');
1664  if (!s) {
1665  *type_out = NORMAL_HOSTNAME; /* no dot, thus normal */
1666  goto success;
1667  }
1668  if (!strcmp(s+1,"exit")) {
1669  *s = 0; /* NUL-terminate it */
1670  *type_out = EXIT_HOSTNAME; /* .exit */
1671  goto success;
1672  }
1673  if (strcmp(s+1,"onion")) {
1674  *type_out = NORMAL_HOSTNAME; /* neither .exit nor .onion, thus normal */
1675  goto success;
1676  }
1677 
1678  /* so it is .onion */
1679  *s = 0; /* NUL-terminate it */
1680  /* locate a 'sub-domain' component, in order to remove it */
1681  q = strrchr(address, '.');
1682  if (q == address) {
1683  *type_out = BAD_HOSTNAME;
1684  goto failed; /* reject sub-domain, as DNS does */
1685  }
1686  q = (NULL == q) ? address : q + 1;
1687  if (strlcpy(query, q, HS_SERVICE_ADDR_LEN_BASE32+1) >=
1689  *type_out = BAD_HOSTNAME;
1690  goto failed;
1691  }
1692  if (q != address) {
1693  memmove(address, q, strlen(q) + 1 /* also get \0 */);
1694  }
1695  /* v2 onion address check. */
1696  if (strlen(query) == REND_SERVICE_ID_LEN_BASE32) {
1697  *type_out = ONION_V2_HOSTNAME;
1698  if (rend_valid_v2_service_id(query)) {
1699  goto success;
1700  }
1701  goto failed;
1702  }
1703 
1704  /* v3 onion address check. */
1705  if (strlen(query) == HS_SERVICE_ADDR_LEN_BASE32) {
1706  *type_out = ONION_V3_HOSTNAME;
1707  if (hs_address_is_valid(query)) {
1708  goto success;
1709  }
1710  goto failed;
1711  }
1712 
1713  /* Reaching this point, nothing was recognized. */
1714  *type_out = BAD_HOSTNAME;
1715  goto failed;
1716 
1717  success:
1718  return true;
1719  failed:
1720  /* otherwise, return to previous state and return 0 */
1721  *s = '.';
1722  const bool is_onion = (*type_out == ONION_V2_HOSTNAME) ||
1723  (*type_out == ONION_V3_HOSTNAME);
1724  log_warn(LD_APP, "Invalid %shostname %s; rejecting",
1725  is_onion ? "onion " : "",
1726  safe_str_client(address));
1727  if (*type_out == ONION_V3_HOSTNAME) {
1728  *type_out = BAD_HOSTNAME;
1729  }
1730  return false;
1731 }
1732 
1733 /** How many times do we try connecting with an exit configured via
1734  * TrackHostExits before concluding that it won't work any more and trying a
1735  * different one? */
1736 #define TRACKHOSTEXITS_RETRIES 5
1737 
1738 /** Call connection_ap_handshake_rewrite_and_attach() unless a controller
1739  * asked us to leave streams unattached. Return 0 in that case.
1740  *
1741  * See connection_ap_handshake_rewrite_and_attach()'s
1742  * documentation for arguments and return value.
1743  */
1744 MOCK_IMPL(int,
1746  origin_circuit_t *circ,
1747  crypt_path_t *cpath))
1748 {
1749  const or_options_t *options = get_options();
1750 
1751  if (options->LeaveStreamsUnattached) {
1753  return 0;
1754  }
1755  return connection_ap_handshake_rewrite_and_attach(conn, circ, cpath);
1756 }
1757 
1758 /* Try to perform any map-based rewriting of the target address in
1759  * <b>conn</b>, filling in the fields of <b>out</b> as we go, and modifying
1760  * conn->socks_request.address as appropriate.
1761  */
1762 STATIC void
1763 connection_ap_handshake_rewrite(entry_connection_t *conn,
1764  rewrite_result_t *out)
1765 {
1766  socks_request_t *socks = conn->socks_request;
1767  const or_options_t *options = get_options();
1768  tor_addr_t addr_tmp;
1769 
1770  /* Initialize all the fields of 'out' to reasonable defaults */
1771  out->automap = 0;
1772  out->exit_source = ADDRMAPSRC_NONE;
1773  out->map_expires = TIME_MAX;
1774  out->end_reason = 0;
1775  out->should_close = 0;
1776  out->orig_address[0] = 0;
1777 
1778  /* We convert all incoming addresses to lowercase. */
1779  tor_strlower(socks->address);
1780  /* Remember the original address. */
1781  strlcpy(out->orig_address, socks->address, sizeof(out->orig_address));
1782  log_debug(LD_APP,"Client asked for %s:%d",
1783  safe_str_client(socks->address),
1784  socks->port);
1785 
1786  /* Check for whether this is a .exit address. By default, those are
1787  * disallowed when they're coming straight from the client, but you're
1788  * allowed to have them in MapAddress commands and so forth. */
1789  if (!strcmpend(socks->address, ".exit")) {
1790  static ratelim_t exit_warning_limit = RATELIM_INIT(60*15);
1791  log_fn_ratelim(&exit_warning_limit, LOG_WARN, LD_APP,
1792  "The \".exit\" notation is disabled in Tor due to "
1793  "security risks.");
1794  control_event_client_status(LOG_WARN, "SOCKS_BAD_HOSTNAME HOSTNAME=%s",
1795  escaped(socks->address));
1796  out->end_reason = END_STREAM_REASON_TORPROTOCOL;
1797  out->should_close = 1;
1798  return;
1799  }
1800 
1801  /* Remember the original address so we can tell the user about what
1802  * they actually said, not just what it turned into. */
1803  /* XXX yes, this is the same as out->orig_address above. One is
1804  * in the output, and one is in the connection. */
1805  if (! conn->original_dest_address) {
1806  /* Is the 'if' necessary here? XXXX */
1807  conn->original_dest_address = tor_strdup(conn->socks_request->address);
1808  }
1809 
1810  /* First, apply MapAddress and MAPADDRESS mappings. We need to do
1811  * these only for non-reverse lookups, since they don't exist for those.
1812  * We also need to do this before we consider automapping, since we might
1813  * e.g. resolve irc.oftc.net into irconionaddress.onion, at which point
1814  * we'd need to automap it. */
1815  if (socks->command != SOCKS_COMMAND_RESOLVE_PTR) {
1816  const unsigned rewrite_flags = AMR_FLAG_USE_MAPADDRESS;
1817  if (addressmap_rewrite(socks->address, sizeof(socks->address),
1818  rewrite_flags, &out->map_expires, &out->exit_source)) {
1819  control_event_stream_status(conn, STREAM_EVENT_REMAP,
1821  }
1822  }
1823 
1824  /* Now see if we need to create or return an existing Hostname->IP
1825  * automapping. Automapping happens when we're asked to resolve a
1826  * hostname, and AutomapHostsOnResolve is set, and the hostname has a
1827  * suffix listed in AutomapHostsSuffixes. It's a handy feature
1828  * that lets you have Tor assign e.g. IPv6 addresses for .onion
1829  * names, and return them safely from DNSPort.
1830  */
1831  if (socks->command == SOCKS_COMMAND_RESOLVE &&
1832  tor_addr_parse(&addr_tmp, socks->address)<0 &&
1833  options->AutomapHostsOnResolve) {
1834  /* Check the suffix... */
1835  out->automap = addressmap_address_should_automap(socks->address, options);
1836  if (out->automap) {
1837  /* If we get here, then we should apply an automapping for this. */
1838  const char *new_addr;
1839  /* We return an IPv4 address by default, or an IPv6 address if we
1840  * are allowed to do so. */
1841  int addr_type = RESOLVED_TYPE_IPV4;
1842  if (conn->socks_request->socks_version != 4) {
1843  if (!conn->entry_cfg.ipv4_traffic ||
1844  (conn->entry_cfg.ipv6_traffic && conn->entry_cfg.prefer_ipv6) ||
1845  conn->entry_cfg.prefer_ipv6_virtaddr)
1846  addr_type = RESOLVED_TYPE_IPV6;
1847  }
1848  /* Okay, register the target address as automapped, and find the new
1849  * address we're supposed to give as a resolve answer. (Return a cached
1850  * value if we've looked up this address before.
1851  */
1853  addr_type, tor_strdup(socks->address));
1854  if (! new_addr) {
1855  log_warn(LD_APP, "Unable to automap address %s",
1856  escaped_safe_str(socks->address));
1857  out->end_reason = END_STREAM_REASON_INTERNAL;
1858  out->should_close = 1;
1859  return;
1860  }
1861  log_info(LD_APP, "Automapping %s to %s",
1863  safe_str_client(new_addr));
1864  strlcpy(socks->address, new_addr, sizeof(socks->address));
1865  }
1866  }
1867 
1868  /* Now handle reverse lookups, if they're in the cache. This doesn't
1869  * happen too often, since client-side DNS caching is off by default,
1870  * and very deprecated. */
1871  if (socks->command == SOCKS_COMMAND_RESOLVE_PTR) {
1872  unsigned rewrite_flags = 0;
1873  if (conn->entry_cfg.use_cached_ipv4_answers)
1874  rewrite_flags |= AMR_FLAG_USE_IPV4_DNS;
1875  if (conn->entry_cfg.use_cached_ipv6_answers)
1876  rewrite_flags |= AMR_FLAG_USE_IPV6_DNS;
1877 
1878  if (addressmap_rewrite_reverse(socks->address, sizeof(socks->address),
1879  rewrite_flags, &out->map_expires)) {
1880  char *result = tor_strdup(socks->address);
1881  /* remember _what_ is supposed to have been resolved. */
1882  tor_snprintf(socks->address, sizeof(socks->address), "REVERSE[%s]",
1883  out->orig_address);
1884  connection_ap_handshake_socks_resolved(conn, RESOLVED_TYPE_HOSTNAME,
1885  strlen(result), (uint8_t*)result,
1886  -1,
1887  out->map_expires);
1888  tor_free(result);
1889  out->end_reason = END_STREAM_REASON_DONE |
1891  out->should_close = 1;
1892  return;
1893  }
1894 
1895  /* Hang on, did we find an answer saying that this is a reverse lookup for
1896  * an internal address? If so, we should reject it if we're configured to
1897  * do so. */
1898  if (options->ClientDNSRejectInternalAddresses) {
1899  /* Don't let clients try to do a reverse lookup on 10.0.0.1. */
1900  tor_addr_t addr;
1901  int ok;
1903  &addr, socks->address, AF_UNSPEC, 1);
1904  if (ok == 1 && tor_addr_is_internal(&addr, 0)) {
1905  connection_ap_handshake_socks_resolved(conn, RESOLVED_TYPE_ERROR,
1906  0, NULL, -1, TIME_MAX);
1907  out->end_reason = END_STREAM_REASON_SOCKSPROTOCOL |
1909  out->should_close = 1;
1910  return;
1911  }
1912  }
1913  }
1914 
1915  /* If we didn't automap it before, then this is still the address that
1916  * came straight from the user, mapped according to any
1917  * MapAddress/MAPADDRESS commands. Now apply other mappings,
1918  * including previously registered Automap entries (IP back to
1919  * hostname), TrackHostExits entries, and client-side DNS cache
1920  * entries (if they're turned on).
1921  */
1922  if (socks->command != SOCKS_COMMAND_RESOLVE_PTR &&
1923  !out->automap) {
1924  unsigned rewrite_flags = AMR_FLAG_USE_AUTOMAP | AMR_FLAG_USE_TRACKEXIT;
1925  addressmap_entry_source_t exit_source2;
1926  if (conn->entry_cfg.use_cached_ipv4_answers)
1927  rewrite_flags |= AMR_FLAG_USE_IPV4_DNS;
1928  if (conn->entry_cfg.use_cached_ipv6_answers)
1929  rewrite_flags |= AMR_FLAG_USE_IPV6_DNS;
1930  if (addressmap_rewrite(socks->address, sizeof(socks->address),
1931  rewrite_flags, &out->map_expires, &exit_source2)) {
1932  control_event_stream_status(conn, STREAM_EVENT_REMAP,
1934  }
1935  if (out->exit_source == ADDRMAPSRC_NONE) {
1936  /* If it wasn't a .exit before, maybe it turned into a .exit. Remember
1937  * the original source of a .exit. */
1938  out->exit_source = exit_source2;
1939  }
1940  }
1941 
1942  /* Check to see whether we're about to use an address in the virtual
1943  * range without actually having gotten it from an Automap. */
1944  if (!out->automap && address_is_in_virtual_range(socks->address)) {
1945  /* This address was probably handed out by
1946  * client_dns_get_unmapped_address, but the mapping was discarded for some
1947  * reason. Or the user typed in a virtual address range manually. We
1948  * *don't* want to send the address through Tor; that's likely to fail,
1949  * and may leak information.
1950  */
1951  log_warn(LD_APP,"Missing mapping for virtual address '%s'. Refusing.",
1952  safe_str_client(socks->address));
1953  out->end_reason = END_STREAM_REASON_INTERNAL;
1954  out->should_close = 1;
1955  return;
1956  }
1957 }
1958 
1959 /** We just received a SOCKS request in <b>conn</b> to a v3 onion. Start
1960  * connecting to the onion service. */
1961 static int
1963  socks_request_t *socks,
1964  origin_circuit_t *circ)
1965 {
1966  int retval;
1967  time_t now = approx_time();
1968  connection_t *base_conn = ENTRY_TO_CONN(conn);
1969 
1970  /* If .onion address requests are disabled, refuse the request */
1971  if (!conn->entry_cfg.onion_traffic) {
1972  log_warn(LD_APP, "Onion address %s requested from a port with .onion "
1973  "disabled", safe_str_client(socks->address));
1974  connection_mark_unattached_ap(conn, END_STREAM_REASON_ENTRYPOLICY);
1975  return -1;
1976  }
1977 
1978  /* Check whether it's RESOLVE or RESOLVE_PTR. We don't handle those
1979  * for hidden service addresses. */
1980  if (SOCKS_COMMAND_IS_RESOLVE(socks->command)) {
1981  /* if it's a resolve request, fail it right now, rather than
1982  * building all the circuits and then realizing it won't work. */
1983  log_warn(LD_APP,
1984  "Resolve requests to hidden services not allowed. Failing.");
1985  connection_ap_handshake_socks_resolved(conn,RESOLVED_TYPE_ERROR,
1986  0,NULL,-1,TIME_MAX);
1987  connection_mark_unattached_ap(conn,
1990  return -1;
1991  }
1992 
1993  /* If we were passed a circuit, then we need to fail. .onion addresses
1994  * only work when we launch our own circuits for now. */
1995  if (circ) {
1996  log_warn(LD_CONTROL, "Attachstream to a circuit is not "
1997  "supported for .onion addresses currently. Failing.");
1998  connection_mark_unattached_ap(conn, END_STREAM_REASON_TORPROTOCOL);
1999  return -1;
2000  }
2001 
2002  int descriptor_is_usable = 0;
2003 
2004  /* Create HS conn identifier with HS pubkey */
2005  hs_ident_edge_conn_t *hs_conn_ident =
2006  tor_malloc_zero(sizeof(hs_ident_edge_conn_t));
2007 
2008  retval = hs_parse_address(socks->address, &hs_conn_ident->identity_pk,
2009  NULL, NULL);
2010  if (retval < 0) {
2011  log_warn(LD_GENERAL, "failed to parse hs address");
2012  tor_free(hs_conn_ident);
2013  return -1;
2014  }
2015  ENTRY_TO_EDGE_CONN(conn)->hs_ident = hs_conn_ident;
2016 
2017  /* Check the v3 desc cache */
2018  const hs_descriptor_t *cached_desc = NULL;
2019  unsigned int refetch_desc = 0;
2020  cached_desc = hs_cache_lookup_as_client(&hs_conn_ident->identity_pk);
2021  if (cached_desc) {
2022  descriptor_is_usable =
2024  cached_desc);
2025  log_info(LD_GENERAL, "Found %s descriptor in cache for %s. %s.",
2026  (descriptor_is_usable) ? "usable" : "unusable",
2027  safe_str_client(socks->address),
2028  (descriptor_is_usable) ? "Not fetching." : "Refetching.");
2029  } else {
2030  /* We couldn't find this descriptor; we should look it up. */
2031  log_info(LD_REND, "No descriptor found in our cache for %s. Fetching.",
2032  safe_str_client(socks->address));
2033  refetch_desc = 1;
2034  }
2035 
2036  /* Help predict that we'll want to do hidden service circuits in the
2037  * future. We're not sure if it will need a stable circuit yet, but
2038  * we know we'll need *something*. */
2039  rep_hist_note_used_internal(now, 0, 1);
2040 
2041  /* Now we have a descriptor but is it usable or not? If not, refetch.
2042  * Also, a fetch could have been requested if the onion address was not
2043  * found in the cache previously. */
2044  if (refetch_desc || !descriptor_is_usable) {
2045  edge_connection_t *edge_conn = ENTRY_TO_EDGE_CONN(conn);
2047  base_conn->state = AP_CONN_STATE_RENDDESC_WAIT;
2048  tor_assert(edge_conn->hs_ident);
2049  /* Attempt to fetch the hsv3 descriptor. Check the retval to see how it
2050  * went and act accordingly. */
2051  int ret = hs_client_refetch_hsdesc(&edge_conn->hs_ident->identity_pk);
2052  switch (ret) {
2054  /* Keeping the connection in descriptor wait state is fine because
2055  * once we get enough dirinfo or a new live consensus, the HS client
2056  * subsystem is notified and every connection in that state will
2057  * trigger a fetch for the service key. */
2061  return 0;
2062  case HS_CLIENT_FETCH_ERROR:
2065  /* Can't proceed further and better close the SOCKS request. */
2066  return -1;
2067  }
2068  }
2069 
2070  /* We have the descriptor! So launch a connection to the HS. */
2071  log_info(LD_REND, "Descriptor is here. Great.");
2072 
2073  base_conn->state = AP_CONN_STATE_CIRCUIT_WAIT;
2074  /* We'll try to attach it at the next event loop, or whenever
2075  * we call connection_ap_attach_pending() */
2076  connection_ap_mark_as_pending_circuit(conn);
2077  return 0;
2078 }
2079 
2080 /** Connection <b>conn</b> just finished its socks handshake, or the
2081  * controller asked us to take care of it. If <b>circ</b> is defined,
2082  * then that's where we'll want to attach it. Otherwise we have to
2083  * figure it out ourselves.
2084  *
2085  * First, parse whether it's a .exit address, remap it, and so on. Then
2086  * if it's for a general circuit, try to attach it to a circuit (or launch
2087  * one as needed), else if it's for a rendezvous circuit, fetch a
2088  * rendezvous descriptor first (or attach/launch a circuit if the
2089  * rendezvous descriptor is already here and fresh enough).
2090  *
2091  * The stream will exit from the hop
2092  * indicated by <b>cpath</b>, or from the last hop in circ's cpath if
2093  * <b>cpath</b> is NULL.
2094  */
2095 int
2097  origin_circuit_t *circ,
2098  crypt_path_t *cpath)
2099 {
2100  socks_request_t *socks = conn->socks_request;
2101  const or_options_t *options = get_options();
2102  connection_t *base_conn = ENTRY_TO_CONN(conn);
2103  time_t now = time(NULL);
2104  rewrite_result_t rr;
2105 
2106  /* First we'll do the rewrite part. Let's see if we get a reasonable
2107  * answer.
2108  */
2109  memset(&rr, 0, sizeof(rr));
2110  connection_ap_handshake_rewrite(conn,&rr);
2111 
2112  if (rr.should_close) {
2113  /* connection_ap_handshake_rewrite told us to close the connection:
2114  * either because it sent back an answer, or because it sent back an
2115  * error */
2116  connection_mark_unattached_ap(conn, rr.end_reason);
2117  if (END_STREAM_REASON_DONE == (rr.end_reason & END_STREAM_REASON_MASK))
2118  return 0;
2119  else
2120  return -1;
2121  }
2122 
2123  const time_t map_expires = rr.map_expires;
2124  const int automap = rr.automap;
2125  const addressmap_entry_source_t exit_source = rr.exit_source;
2126 
2127  /* Now see whether the hostname is bogus. This could happen because of an
2128  * onion hostname whose format we don't recognize. */
2129  hostname_type_t addresstype;
2130  if (!parse_extended_hostname(socks->address, &addresstype)) {
2131  control_event_client_status(LOG_WARN, "SOCKS_BAD_HOSTNAME HOSTNAME=%s",
2132  escaped(socks->address));
2133  if (addresstype == BAD_HOSTNAME) {
2134  conn->socks_request->socks_extended_error_code = SOCKS5_HS_BAD_ADDRESS;
2135  }
2136  connection_mark_unattached_ap(conn, END_STREAM_REASON_TORPROTOCOL);
2137  return -1;
2138  }
2139 
2140  /* If this is a .exit hostname, strip off the .name.exit part, and
2141  * see whether we're willing to connect there, and otherwise handle the
2142  * .exit address.
2143  *
2144  * We'll set chosen_exit_name and/or close the connection as appropriate.
2145  */
2146  if (addresstype == EXIT_HOSTNAME) {
2147  /* If StrictNodes is not set, then .exit overrides ExcludeNodes but
2148  * not ExcludeExitNodes. */
2149  routerset_t *excludeset = options->StrictNodes ?
2150  options->ExcludeExitNodesUnion_ : options->ExcludeExitNodes;
2151  const node_t *node = NULL;
2152 
2153  /* If this .exit was added by an AUTOMAP, then it came straight from
2154  * a user. That's not safe. */
2155  if (exit_source == ADDRMAPSRC_AUTOMAP) {
2156  /* Whoops; this one is stale. It must have gotten added earlier?
2157  * (Probably this is not possible, since AllowDotExit no longer
2158  * exists.) */
2159  log_warn(LD_APP,"Stale automapped address for '%s.exit'. Refusing.",
2160  safe_str_client(socks->address));
2161  control_event_client_status(LOG_WARN, "SOCKS_BAD_HOSTNAME HOSTNAME=%s",
2162  escaped(socks->address));
2163  connection_mark_unattached_ap(conn, END_STREAM_REASON_TORPROTOCOL);
2165  return -1;
2166  }
2167 
2168  /* Double-check to make sure there are no .exits coming from
2169  * impossible/weird sources. */
2170  if (exit_source == ADDRMAPSRC_DNS || exit_source == ADDRMAPSRC_NONE) {
2171  /* It shouldn't be possible to get a .exit address from any of these
2172  * sources. */
2173  log_warn(LD_BUG,"Address '%s.exit', with impossible source for the "
2174  ".exit part. Refusing.",
2175  safe_str_client(socks->address));
2176  control_event_client_status(LOG_WARN, "SOCKS_BAD_HOSTNAME HOSTNAME=%s",
2177  escaped(socks->address));
2178  connection_mark_unattached_ap(conn, END_STREAM_REASON_TORPROTOCOL);
2179  return -1;
2180  }
2181 
2182  tor_assert(!automap);
2183 
2184  /* Now, find the character before the .(name) part.
2185  * (The ".exit" part got stripped off by "parse_extended_hostname").
2186  *
2187  * We're going to put the exit name into conn->chosen_exit_name, and
2188  * look up a node correspondingly. */
2189  char *s = strrchr(socks->address,'.');
2190  if (s) {
2191  /* The address was of the form "(stuff).(name).exit */
2192  if (s[1] != '\0') {
2193  /* Looks like a real .exit one. */
2194  conn->chosen_exit_name = tor_strdup(s+1);
2195  node = node_get_by_nickname(conn->chosen_exit_name, 0);
2196 
2197  if (exit_source == ADDRMAPSRC_TRACKEXIT) {
2198  /* We 5 tries before it expires the addressmap */
2200  }
2201  *s = 0;
2202  } else {
2203  /* Oops, the address was (stuff)..exit. That's not okay. */
2204  log_warn(LD_APP,"Malformed exit address '%s.exit'. Refusing.",
2205  safe_str_client(socks->address));
2206  control_event_client_status(LOG_WARN, "SOCKS_BAD_HOSTNAME HOSTNAME=%s",
2207  escaped(socks->address));
2208  connection_mark_unattached_ap(conn, END_STREAM_REASON_TORPROTOCOL);
2209  return -1;
2210  }
2211  } else {
2212  /* It looks like they just asked for "foo.exit". That's a special
2213  * form that means (foo's address).foo.exit. */
2214 
2215  conn->chosen_exit_name = tor_strdup(socks->address);
2216  node = node_get_by_nickname(conn->chosen_exit_name, 0);
2217  if (node) {
2218  *socks->address = 0;
2219  node_get_address_string(node, socks->address, sizeof(socks->address));
2220  }
2221  }
2222 
2223  /* Now make sure that the chosen exit exists... */
2224  if (!node) {
2225  log_warn(LD_APP,
2226  "Unrecognized relay in exit address '%s.exit'. Refusing.",
2227  safe_str_client(socks->address));
2228  connection_mark_unattached_ap(conn, END_STREAM_REASON_TORPROTOCOL);
2229  return -1;
2230  }
2231  /* ...and make sure that it isn't excluded. */
2232  if (routerset_contains_node(excludeset, node)) {
2233  log_warn(LD_APP,
2234  "Excluded relay in exit address '%s.exit'. Refusing.",
2235  safe_str_client(socks->address));
2236  connection_mark_unattached_ap(conn, END_STREAM_REASON_TORPROTOCOL);
2237  return -1;
2238  }
2239  /* XXXX-1090 Should we also allow foo.bar.exit if ExitNodes is set and
2240  Bar is not listed in it? I say yes, but our revised manpage branch
2241  implies no. */
2242  }
2243 
2244  /* Now, we handle everything that isn't a .onion address. */
2245  if (addresstype != ONION_V3_HOSTNAME && addresstype != ONION_V2_HOSTNAME) {
2246  /* Not a hidden-service request. It's either a hostname or an IP,
2247  * possibly with a .exit that we stripped off. We're going to check
2248  * if we're allowed to connect/resolve there, and then launch the
2249  * appropriate request. */
2250 
2251  /* Check for funny characters in the address. */
2252  if (address_is_invalid_destination(socks->address, 1)) {
2253  control_event_client_status(LOG_WARN, "SOCKS_BAD_HOSTNAME HOSTNAME=%s",
2254  escaped(socks->address));
2255  log_warn(LD_APP,
2256  "Destination '%s' seems to be an invalid hostname. Failing.",
2257  safe_str_client(socks->address));
2258  connection_mark_unattached_ap(conn, END_STREAM_REASON_TORPROTOCOL);
2259  return -1;
2260  }
2261 
2262  /* socks->address is a non-onion hostname or IP address.
2263  * If we can't do any non-onion requests, refuse the connection.
2264  * If we have a hostname but can't do DNS, refuse the connection.
2265  * If we have an IP address, but we can't use that address family,
2266  * refuse the connection.
2267  *
2268  * If we can do DNS requests, and we can use at least one address family,
2269  * then we have to resolve the address first. Then we'll know if it
2270  * resolves to a usable address family. */
2271 
2272  /* First, check if all non-onion traffic is disabled */
2273  if (!conn->entry_cfg.dns_request && !conn->entry_cfg.ipv4_traffic
2274  && !conn->entry_cfg.ipv6_traffic) {
2275  log_warn(LD_APP, "Refusing to connect to non-hidden-service hostname "
2276  "or IP address %s because Port has OnionTrafficOnly set (or "
2277  "NoDNSRequest, NoIPv4Traffic, and NoIPv6Traffic).",
2278  safe_str_client(socks->address));
2279  connection_mark_unattached_ap(conn, END_STREAM_REASON_ENTRYPOLICY);
2280  return -1;
2281  }
2282 
2283  /* Then check if we have a hostname or IP address, and whether DNS or
2284  * the IP address family are permitted. Reject if not. */
2285  tor_addr_t dummy_addr;
2286  int socks_family = tor_addr_parse(&dummy_addr, socks->address);
2287  /* family will be -1 for a non-onion hostname that's not an IP */
2288  if (socks_family == -1) {
2289  if (!conn->entry_cfg.dns_request) {
2290  log_warn(LD_APP, "Refusing to connect to hostname %s "
2291  "because Port has NoDNSRequest set.",
2292  safe_str_client(socks->address));
2293  connection_mark_unattached_ap(conn, END_STREAM_REASON_ENTRYPOLICY);
2294  return -1;
2295  }
2296  } else if (socks_family == AF_INET) {
2297  if (!conn->entry_cfg.ipv4_traffic) {
2298  log_warn(LD_APP, "Refusing to connect to IPv4 address %s because "
2299  "Port has NoIPv4Traffic set.",
2300  safe_str_client(socks->address));
2301  connection_mark_unattached_ap(conn, END_STREAM_REASON_ENTRYPOLICY);
2302  return -1;
2303  }
2304  } else if (socks_family == AF_INET6) {
2305  if (!conn->entry_cfg.ipv6_traffic) {
2306  log_warn(LD_APP, "Refusing to connect to IPv6 address %s because "
2307  "Port has NoIPv6Traffic set.",
2308  safe_str_client(socks->address));
2309  connection_mark_unattached_ap(conn, END_STREAM_REASON_ENTRYPOLICY);
2310  return -1;
2311  }
2312  } else {
2313  tor_assert_nonfatal_unreached_once();
2314  }
2315 
2316  /* See if this is a hostname lookup that we can answer immediately.
2317  * (For example, an attempt to look up the IP address for an IP address.)
2318  */
2319  if (socks->command == SOCKS_COMMAND_RESOLVE) {
2320  tor_addr_t answer;
2321  /* Reply to resolves immediately if we can. */
2322  if (tor_addr_parse(&answer, socks->address) >= 0) {/* is it an IP? */
2323  /* remember _what_ is supposed to have been resolved. */
2324  strlcpy(socks->address, rr.orig_address, sizeof(socks->address));
2326  map_expires);
2327  connection_mark_unattached_ap(conn,
2328  END_STREAM_REASON_DONE |
2330  return 0;
2331  }
2332  tor_assert(!automap);
2333  rep_hist_note_used_resolve(now); /* help predict this next time */
2334  } else if (socks->command == SOCKS_COMMAND_CONNECT) {
2335  /* Now see if this is a connect request that we can reject immediately */
2336 
2337  tor_assert(!automap);
2338  /* Don't allow connections to port 0. */
2339  if (socks->port == 0) {
2340  log_notice(LD_APP,"Application asked to connect to port 0. Refusing.");
2341  connection_mark_unattached_ap(conn, END_STREAM_REASON_TORPROTOCOL);
2342  return -1;
2343  }
2344  /* You can't make connections to internal addresses, by default.
2345  * Exceptions are begindir requests (where the address is meaningless),
2346  * or cases where you've hand-configured a particular exit, thereby
2347  * making the local address meaningful. */
2348  if (options->ClientRejectInternalAddresses &&
2349  !conn->use_begindir && !conn->chosen_exit_name && !circ) {
2350  /* If we reach this point then we don't want to allow internal
2351  * addresses. Check if we got one. */
2352  tor_addr_t addr;
2353  if (tor_addr_hostname_is_local(socks->address) ||
2354  (tor_addr_parse(&addr, socks->address) >= 0 &&
2355  tor_addr_is_internal(&addr, 0))) {
2356  /* If this is an explicit private address with no chosen exit node,
2357  * then we really don't want to try to connect to it. That's
2358  * probably an error. */
2359  if (conn->is_transparent_ap) {
2360 #define WARN_INTRVL_LOOP 300
2361  static ratelim_t loop_warn_limit = RATELIM_INIT(WARN_INTRVL_LOOP);
2362  char *m;
2363  if ((m = rate_limit_log(&loop_warn_limit, approx_time()))) {
2364  log_warn(LD_NET,
2365  "Rejecting request for anonymous connection to private "
2366  "address %s on a TransPort or NATDPort. Possible loop "
2367  "in your NAT rules?%s", safe_str_client(socks->address),
2368  m);
2369  tor_free(m);
2370  }
2371  } else {
2372 #define WARN_INTRVL_PRIV 300
2373  static ratelim_t priv_warn_limit = RATELIM_INIT(WARN_INTRVL_PRIV);
2374  char *m;
2375  if ((m = rate_limit_log(&priv_warn_limit, approx_time()))) {
2376  log_warn(LD_NET,
2377  "Rejecting SOCKS request for anonymous connection to "
2378  "private address %s.%s",
2379  safe_str_client(socks->address),m);
2380  tor_free(m);
2381  }
2382  }
2383  connection_mark_unattached_ap(conn, END_STREAM_REASON_PRIVATE_ADDR);
2384  return -1;
2385  }
2386  } /* end "if we should check for internal addresses" */
2387 
2388  /* Okay. We're still doing a CONNECT, and it wasn't a private
2389  * address. Here we do special handling for literal IP addresses,
2390  * to see if we should reject this preemptively, and to set up
2391  * fields in conn->entry_cfg to tell the exit what AF we want. */
2392  {
2393  tor_addr_t addr;
2394  /* XXX Duplicate call to tor_addr_parse. */
2395  if (tor_addr_parse(&addr, socks->address) >= 0) {
2396  /* If we reach this point, it's an IPv4 or an IPv6 address. */
2397  sa_family_t family = tor_addr_family(&addr);
2398 
2399  if ((family == AF_INET && ! conn->entry_cfg.ipv4_traffic) ||
2400  (family == AF_INET6 && ! conn->entry_cfg.ipv6_traffic)) {
2401  /* You can't do an IPv4 address on a v6-only socks listener,
2402  * or vice versa. */
2403  log_warn(LD_NET, "Rejecting SOCKS request for an IP address "
2404  "family that this listener does not support.");
2405  connection_mark_unattached_ap(conn, END_STREAM_REASON_ENTRYPOLICY);
2406  return -1;
2407  } else if (family == AF_INET6 && socks->socks_version == 4) {
2408  /* You can't make a socks4 request to an IPv6 address. Socks4
2409  * doesn't support that. */
2410  log_warn(LD_NET, "Rejecting SOCKS4 request for an IPv6 address.");
2411  connection_mark_unattached_ap(conn, END_STREAM_REASON_ENTRYPOLICY);
2412  return -1;
2413  } else if (socks->socks_version == 4 &&
2414  !conn->entry_cfg.ipv4_traffic) {
2415  /* You can't do any kind of Socks4 request when IPv4 is forbidden.
2416  *
2417  * XXX raise this check outside the enclosing block? */
2418  log_warn(LD_NET, "Rejecting SOCKS4 request on a listener with "
2419  "no IPv4 traffic supported.");
2420  connection_mark_unattached_ap(conn, END_STREAM_REASON_ENTRYPOLICY);
2421  return -1;
2422  } else if (family == AF_INET6) {
2423  /* Tell the exit: we won't accept any ipv4 connection to an IPv6
2424  * address. */
2425  conn->entry_cfg.ipv4_traffic = 0;
2426  } else if (family == AF_INET) {
2427  /* Tell the exit: we won't accept any ipv6 connection to an IPv4
2428  * address. */
2429  conn->entry_cfg.ipv6_traffic = 0;
2430  }
2431 
2432  /* Next, yet another check: we know it's a direct IP address. Is it
2433  * the IP address of a known relay and its ORPort, or of a directory
2434  * authority and its OR or Dir Port? If so, and if a consensus param
2435  * says to, then exit relays will refuse this request (see ticket
2436  * 2667 for details). Let's just refuse it locally right now, to
2437  * save time and network load but also to give the user a more
2438  * useful log message. */
2439  if (!network_reentry_is_allowed() &&
2440  nodelist_reentry_contains(&addr, socks->port)) {
2441  log_warn(LD_APP, "Not attempting connection to %s:%d because "
2442  "the network would reject it. Are you trying to send "
2443  "Tor traffic over Tor? This traffic can be harmful to "
2444  "the Tor network. If you really need it, try using "
2445  "a bridge as a workaround.",
2446  safe_str_client(socks->address), socks->port);
2447  connection_mark_unattached_ap(conn, END_STREAM_REASON_TORPROTOCOL);
2448  return -1;
2449  }
2450  }
2451  }
2452 
2453  /* we never allow IPv6 answers on socks4. (TODO: Is this smart?) */
2454  if (socks->socks_version == 4)
2455  conn->entry_cfg.ipv6_traffic = 0;
2456 
2457  /* Still handling CONNECT. Now, check for exit enclaves. (Which we
2458  * don't do on BEGIN_DIR, or when there is a chosen exit.)
2459  *
2460  * TODO: Should we remove this? Exit enclaves are nutty and don't
2461  * work very well
2462  */
2463  if (!conn->use_begindir && !conn->chosen_exit_name && !circ) {
2464  /* see if we can find a suitable enclave exit */
2465  const node_t *r =
2467  if (r) {
2468  log_info(LD_APP,
2469  "Redirecting address %s to exit at enclave router %s",
2470  safe_str_client(socks->address), node_describe(r));
2471  /* use the hex digest, not nickname, in case there are two
2472  routers with this nickname */
2473  conn->chosen_exit_name =
2474  tor_strdup(hex_str(r->identity, DIGEST_LEN));
2475  conn->chosen_exit_optional = 1;
2476  }
2477  }
2478 
2479  /* Still handling CONNECT: warn or reject if it's using a dangerous
2480  * port. */
2481  if (!conn->use_begindir && !conn->chosen_exit_name && !circ)
2482  if (consider_plaintext_ports(conn, socks->port) < 0)
2483  return -1;
2484 
2485  /* Remember the port so that we will predict that more requests
2486  there will happen in the future. */
2487  if (!conn->use_begindir) {
2488  /* help predict this next time */
2489  rep_hist_note_used_port(now, socks->port);
2490  }
2491  } else if (socks->command == SOCKS_COMMAND_RESOLVE_PTR) {
2492  rep_hist_note_used_resolve(now); /* help predict this next time */
2493  /* no extra processing needed */
2494  } else {
2495  /* We should only be doing CONNECT, RESOLVE, or RESOLVE_PTR! */
2497  }
2498 
2499  /* Okay. At this point we've set chosen_exit_name if needed, rewritten the
2500  * address, and decided not to reject it for any number of reasons. Now
2501  * mark the connection as waiting for a circuit, and try to attach it!
2502  */
2503  base_conn->state = AP_CONN_STATE_CIRCUIT_WAIT;
2504 
2505  /* If we were given a circuit to attach to, try to attach. Otherwise,
2506  * try to find a good one and attach to that. */
2507  int rv;
2508  if (circ) {
2509  rv = connection_ap_handshake_attach_chosen_circuit(conn, circ, cpath);
2510  } else {
2511  /* We'll try to attach it at the next event loop, or whenever
2512  * we call connection_ap_attach_pending() */
2513  connection_ap_mark_as_pending_circuit(conn);
2514  rv = 0;
2515  }
2516 
2517  /* If the above function returned 0 then we're waiting for a circuit.
2518  * if it returned 1, we're attached. Both are okay. But if it returned
2519  * -1, there was an error, so make sure the connection is marked, and
2520  * return -1. */
2521  if (rv < 0) {
2522  if (!base_conn->marked_for_close)
2523  connection_mark_unattached_ap(conn, END_STREAM_REASON_CANT_ATTACH);
2524  return -1;
2525  }
2526 
2527  return 0;
2528  } else {
2529  /* If we get here, it's a request for a .onion address! */
2530 
2531  /* We don't support v2 onions anymore. Log a warning and bail. */
2532  if (addresstype == ONION_V2_HOSTNAME) {
2533  log_warn(LD_PROTOCOL, "Tried to connect to a v2 onion address, but this "
2534  "version of Tor no longer supports them. Please encourage the "
2535  "site operator to upgrade. For more information see "
2536  "https://blog.torproject.org/v2-deprecation-timeline.");
2537  control_event_client_status(LOG_WARN, "SOCKS_BAD_HOSTNAME HOSTNAME=%s",
2538  escaped(socks->address));
2539  connection_mark_unattached_ap(conn, END_STREAM_REASON_TORPROTOCOL);
2540  return -1;
2541  }
2542 
2543  tor_assert(addresstype == ONION_V3_HOSTNAME);
2544  tor_assert(!automap);
2545  return connection_ap_handle_onion(conn, socks, circ);
2546  }
2547 
2548  return 0; /* unreached but keeps the compiler happy */
2549 }
2550 
2551 #ifdef TRANS_PF
2552 static int pf_socket = -1;
2553 int
2554 get_pf_socket(void)
2555 {
2556  int pf;
2557  /* This should be opened before dropping privileges. */
2558  if (pf_socket >= 0)
2559  return pf_socket;
2560 
2561 #if defined(OpenBSD)
2562  /* only works on OpenBSD */
2563  pf = tor_open_cloexec("/dev/pf", O_RDONLY, 0);
2564 #else
2565  /* works on NetBSD and FreeBSD */
2566  pf = tor_open_cloexec("/dev/pf", O_RDWR, 0);
2567 #endif /* defined(OpenBSD) */
2568 
2569  if (pf < 0) {
2570  log_warn(LD_NET, "open(\"/dev/pf\") failed: %s", strerror(errno));
2571  return -1;
2572  }
2573 
2574  pf_socket = pf;
2575  return pf_socket;
2576 }
2577 #endif /* defined(TRANS_PF) */
2578 
2579 #if defined(TRANS_NETFILTER) || defined(TRANS_PF) || \
2580  defined(TRANS_TPROXY)
2581 /** Try fill in the address of <b>req</b> from the socket configured
2582  * with <b>conn</b>. */
2583 static int
2584 destination_from_socket(entry_connection_t *conn, socks_request_t *req)
2585 {
2586  struct sockaddr_storage orig_dst;
2587  socklen_t orig_dst_len = sizeof(orig_dst);
2588  tor_addr_t addr;
2589 
2590 #ifdef TRANS_TPROXY
2591  if (get_options()->TransProxyType_parsed == TPT_TPROXY) {
2592  if (getsockname(ENTRY_TO_CONN(conn)->s, (struct sockaddr*)&orig_dst,
2593  &orig_dst_len) < 0) {
2594  int e = tor_socket_errno(ENTRY_TO_CONN(conn)->s);
2595  log_warn(LD_NET, "getsockname() failed: %s", tor_socket_strerror(e));
2596  return -1;
2597  }
2598  goto done;
2599  }
2600 #endif /* defined(TRANS_TPROXY) */
2601 
2602 #ifdef TRANS_NETFILTER
2603  int rv = -1;
2604  switch (ENTRY_TO_CONN(conn)->socket_family) {
2605 #ifdef TRANS_NETFILTER_IPV4
2606  case AF_INET:
2607  rv = getsockopt(ENTRY_TO_CONN(conn)->s, SOL_IP, SO_ORIGINAL_DST,
2608  (struct sockaddr*)&orig_dst, &orig_dst_len);
2609  break;
2610 #endif /* defined(TRANS_NETFILTER_IPV4) */
2611 #ifdef TRANS_NETFILTER_IPV6
2612  case AF_INET6:
2613  rv = getsockopt(ENTRY_TO_CONN(conn)->s, SOL_IPV6, IP6T_SO_ORIGINAL_DST,
2614  (struct sockaddr*)&orig_dst, &orig_dst_len);
2615  break;
2616 #endif /* defined(TRANS_NETFILTER_IPV6) */
2617  default:
2618  log_warn(LD_BUG, "Received transparent data from an unsupported "
2619  "socket family %d",
2620  ENTRY_TO_CONN(conn)->socket_family);
2621  return -1;
2622  }
2623  if (rv < 0) {
2624  int e = tor_socket_errno(ENTRY_TO_CONN(conn)->s);
2625  log_warn(LD_NET, "getsockopt() failed: %s", tor_socket_strerror(e));
2626  return -1;
2627  }
2628  goto done;
2629 #elif defined(TRANS_PF)
2630  if (getsockname(ENTRY_TO_CONN(conn)->s, (struct sockaddr*)&orig_dst,
2631  &orig_dst_len) < 0) {
2632  int e = tor_socket_errno(ENTRY_TO_CONN(conn)->s);
2633  log_warn(LD_NET, "getsockname() failed: %s", tor_socket_strerror(e));
2634  return -1;
2635  }
2636  goto done;
2637 #else
2638  (void)conn;
2639  (void)req;
2640  log_warn(LD_BUG, "Unable to determine destination from socket.");
2641  return -1;
2642 #endif /* defined(TRANS_NETFILTER) || ... */
2643 
2644  done:
2645  tor_addr_from_sockaddr(&addr, (struct sockaddr*)&orig_dst, &req->port);
2646  tor_addr_to_str(req->address, &addr, sizeof(req->address), 1);
2647 
2648  return 0;
2649 }
2650 #endif /* defined(TRANS_NETFILTER) || defined(TRANS_PF) || ... */
2651 
2652 #ifdef TRANS_PF
2653 static int
2654 destination_from_pf(entry_connection_t *conn, socks_request_t *req)
2655 {
2656  struct sockaddr_storage proxy_addr;
2657  socklen_t proxy_addr_len = sizeof(proxy_addr);
2658  struct sockaddr *proxy_sa = (struct sockaddr*) &proxy_addr;
2659  struct pfioc_natlook pnl;
2660  tor_addr_t addr;
2661  int pf = -1;
2662 
2663  if (getsockname(ENTRY_TO_CONN(conn)->s, (struct sockaddr*)&proxy_addr,
2664  &proxy_addr_len) < 0) {
2665  int e = tor_socket_errno(ENTRY_TO_CONN(conn)->s);
2666  log_warn(LD_NET, "getsockname() to determine transocks destination "
2667  "failed: %s", tor_socket_strerror(e));
2668  return -1;
2669  }
2670 
2671 #ifdef __FreeBSD__
2672  if (get_options()->TransProxyType_parsed == TPT_IPFW) {
2673  /* ipfw(8) is used and in this case getsockname returned the original
2674  destination */
2675  if (tor_addr_from_sockaddr(&addr, proxy_sa, &req->port) < 0) {
2677  return -1;
2678  }
2679 
2680  tor_addr_to_str(req->address, &addr, sizeof(req->address), 0);
2681 
2682  return 0;
2683  }
2684 #endif /* defined(__FreeBSD__) */
2685 
2686  memset(&pnl, 0, sizeof(pnl));
2687  pnl.proto = IPPROTO_TCP;
2688  pnl.direction = PF_OUT;
2689  if (proxy_sa->sa_family == AF_INET) {
2690  struct sockaddr_in *sin = (struct sockaddr_in *)proxy_sa;
2691  pnl.af = AF_INET;
2692  pnl.saddr.v4.s_addr = tor_addr_to_ipv4n(&ENTRY_TO_CONN(conn)->addr);
2693  pnl.sport = htons(ENTRY_TO_CONN(conn)->port);
2694  pnl.daddr.v4.s_addr = sin->sin_addr.s_addr;
2695  pnl.dport = sin->sin_port;
2696  } else if (proxy_sa->sa_family == AF_INET6) {
2697  struct sockaddr_in6 *sin6 = (struct sockaddr_in6 *)proxy_sa;
2698  pnl.af = AF_INET6;
2699  const struct in6_addr *dest_in6 =
2700  tor_addr_to_in6(&ENTRY_TO_CONN(conn)->addr);
2701  if (BUG(!dest_in6))
2702  return -1;
2703  memcpy(&pnl.saddr.v6, dest_in6, sizeof(struct in6_addr));
2704  pnl.sport = htons(ENTRY_TO_CONN(conn)->port);
2705  memcpy(&pnl.daddr.v6, &sin6->sin6_addr, sizeof(struct in6_addr));
2706  pnl.dport = sin6->sin6_port;
2707  } else {
2708  log_warn(LD_NET, "getsockname() gave an unexpected address family (%d)",
2709  (int)proxy_sa->sa_family);
2710  return -1;
2711  }
2712 
2713  pf = get_pf_socket();
2714  if (pf<0)
2715  return -1;
2716 
2717  if (ioctl(pf, DIOCNATLOOK, &pnl) < 0) {
2718  log_warn(LD_NET, "ioctl(DIOCNATLOOK) failed: %s", strerror(errno));
2719  return -1;
2720  }
2721 
2722  if (pnl.af == AF_INET) {
2723  tor_addr_from_ipv4n(&addr, pnl.rdaddr.v4.s_addr);
2724  } else if (pnl.af == AF_INET6) {
2725  tor_addr_from_in6(&addr, &pnl.rdaddr.v6);
2726  } else {
2728  return -1;
2729  }
2730 
2731  tor_addr_to_str(req->address, &addr, sizeof(req->address), 1);
2732  req->port = ntohs(pnl.rdport);
2733 
2734  return 0;
2735 }
2736 #endif /* defined(TRANS_PF) */
2737 
2738 /** Fetch the original destination address and port from a
2739  * system-specific interface and put them into a
2740  * socks_request_t as if they came from a socks request.
2741  *
2742  * Return -1 if an error prevents fetching the destination,
2743  * else return 0.
2744  */
2745 static int
2747  socks_request_t *req)
2748 {
2749 #ifdef TRANS_NETFILTER
2750  return destination_from_socket(conn, req);
2751 #elif defined(TRANS_PF)
2752  const or_options_t *options = get_options();
2753 
2754  if (options->TransProxyType_parsed == TPT_PF_DIVERT)
2755  return destination_from_socket(conn, req);
2756 
2757  if (options->TransProxyType_parsed == TPT_DEFAULT ||
2758  options->TransProxyType_parsed == TPT_IPFW)
2759  return destination_from_pf(conn, req);
2760 
2761  (void)conn;
2762  (void)req;
2763  log_warn(LD_BUG, "Proxy destination determination mechanism %s unknown.",
2764  options->TransProxyType);
2765  return -1;
2766 #else
2767  (void)conn;
2768  (void)req;
2769  log_warn(LD_BUG, "Called connection_ap_get_original_destination, but no "
2770  "transparent proxy method was configured.");
2771  return -1;
2772 #endif /* defined(TRANS_NETFILTER) || ... */
2773 }
2774 
2775 /** connection_edge_process_inbuf() found a conn in state
2776  * socks_wait. See if conn->inbuf has the right bytes to proceed with
2777  * the socks handshake.
2778  *
2779  * If the handshake is complete, send it to
2780  * connection_ap_handshake_rewrite_and_attach().
2781  *
2782  * Return -1 if an unexpected error with conn occurs (and mark it for close),
2783  * else return 0.
2784  */
2785 static int
2787 {
2788  socks_request_t *socks;
2789  int sockshere;
2790  const or_options_t *options = get_options();
2791  int had_reply = 0;
2792  connection_t *base_conn = ENTRY_TO_CONN(conn);
2793 
2794  tor_assert(conn);
2795  tor_assert(base_conn->type == CONN_TYPE_AP);
2796  tor_assert(base_conn->state == AP_CONN_STATE_SOCKS_WAIT);
2797  tor_assert(conn->socks_request);
2798  socks = conn->socks_request;
2799 
2800  log_debug(LD_APP,"entered.");
2801 
2802  sockshere = fetch_from_buf_socks(base_conn->inbuf, socks,
2803  options->TestSocks, options->SafeSocks);
2804 
2805  if (socks->replylen) {
2806  had_reply = 1;
2807  connection_buf_add((const char*)socks->reply, socks->replylen,
2808  base_conn);
2809  socks->replylen = 0;
2810  if (sockshere == -1) {
2811  /* An invalid request just got a reply, no additional
2812  * one is necessary. */
2813  socks->has_finished = 1;
2814  }
2815  }
2816 
2817  if (sockshere == 0) {
2818  log_debug(LD_APP,"socks handshake not all here yet.");
2819  return 0;
2820  } else if (sockshere == -1) {
2821  if (!had_reply) {
2822  log_warn(LD_APP,"Fetching socks handshake failed. Closing.");
2825  }
2826  connection_mark_unattached_ap(conn,
2829  return -1;
2830  } /* else socks handshake is done, continue processing */
2831 
2832  if (SOCKS_COMMAND_IS_CONNECT(socks->command))
2833  control_event_stream_status(conn, STREAM_EVENT_NEW, 0);
2834  else
2835  control_event_stream_status(conn, STREAM_EVENT_NEW_RESOLVE, 0);
2836 
2837  return connection_ap_rewrite_and_attach_if_allowed(conn, NULL, NULL);
2838 }
2839 
2840 /** connection_init_accepted_conn() found a new trans AP conn.
2841  * Get the original destination and send it to
2842  * connection_ap_handshake_rewrite_and_attach().
2843  *
2844  * Return -1 if an unexpected error with conn (and it should be marked
2845  * for close), else return 0.
2846  */
2847 int
2849 {
2850  socks_request_t *socks;
2851 
2852  tor_assert(conn);
2853  tor_assert(conn->socks_request);
2854  socks = conn->socks_request;
2855 
2856  /* pretend that a socks handshake completed so we don't try to
2857  * send a socks reply down a transparent conn */
2858  socks->command = SOCKS_COMMAND_CONNECT;
2859  socks->has_finished = 1;
2860 
2861  log_debug(LD_APP,"entered.");
2862 
2863  if (connection_ap_get_original_destination(conn, socks) < 0) {
2864  log_warn(LD_APP,"Fetching original destination failed. Closing.");
2865  connection_mark_unattached_ap(conn,
2867  return -1;
2868  }
2869  /* we have the original destination */
2870 
2871  control_event_stream_status(conn, STREAM_EVENT_NEW, 0);
2872 
2873  return connection_ap_rewrite_and_attach_if_allowed(conn, NULL, NULL);
2874 }
2875 
2876 /** connection_edge_process_inbuf() found a conn in state natd_wait. See if
2877  * conn->inbuf has the right bytes to proceed. See FreeBSD's libalias(3) and
2878  * ProxyEncodeTcpStream() in src/lib/libalias/alias_proxy.c for the encoding
2879  * form of the original destination.
2880  *
2881  * If the original destination is complete, send it to
2882  * connection_ap_handshake_rewrite_and_attach().
2883  *
2884  * Return -1 if an unexpected error with conn (and it should be marked
2885  * for close), else return 0.
2886  */
2887 static int
2889 {
2890  char tmp_buf[36], *tbuf, *daddr;
2891  size_t tlen = 30;
2892  int err, port_ok;
2893  socks_request_t *socks;
2894 
2895  tor_assert(conn);
2897  tor_assert(conn->socks_request);
2898  socks = conn->socks_request;
2899 
2900  log_debug(LD_APP,"entered.");
2901 
2902  /* look for LF-terminated "[DEST ip_addr port]"
2903  * where ip_addr is a dotted-quad and port is in string form */
2904  err = connection_buf_get_line(ENTRY_TO_CONN(conn), tmp_buf, &tlen);
2905  if (err == 0)
2906  return 0;
2907  if (err < 0) {
2908  log_warn(LD_APP,"NATD handshake failed (DEST too long). Closing");
2909  connection_mark_unattached_ap(conn, END_STREAM_REASON_INVALID_NATD_DEST);
2910  return -1;
2911  }
2912 
2913  if (strcmpstart(tmp_buf, "[DEST ")) {
2914  log_warn(LD_APP,"NATD handshake was ill-formed; closing. The client "
2915  "said: %s",
2916  escaped(tmp_buf));
2917  connection_mark_unattached_ap(conn, END_STREAM_REASON_INVALID_NATD_DEST);
2918  return -1;
2919  }
2920 
2921  daddr = tbuf = &tmp_buf[0] + 6; /* after end of "[DEST " */
2922  if (!(tbuf = strchr(tbuf, ' '))) {
2923  log_warn(LD_APP,"NATD handshake was ill-formed; closing. The client "
2924  "said: %s",
2925  escaped(tmp_buf));
2926  connection_mark_unattached_ap(conn, END_STREAM_REASON_INVALID_NATD_DEST);
2927  return -1;
2928  }
2929  *tbuf++ = '\0';
2930 
2931  /* pretend that a socks handshake completed so we don't try to
2932  * send a socks reply down a natd conn */
2933  strlcpy(socks->address, daddr, sizeof(socks->address));
2934  socks->port = (uint16_t)
2935  tor_parse_long(tbuf, 10, 1, 65535, &port_ok, &daddr);
2936  if (!port_ok) {
2937  log_warn(LD_APP,"NATD handshake failed; port %s is ill-formed or out "
2938  "of range.", escaped(tbuf));
2939  connection_mark_unattached_ap(conn, END_STREAM_REASON_INVALID_NATD_DEST);
2940  return -1;
2941  }
2942 
2943  socks->command = SOCKS_COMMAND_CONNECT;
2944  socks->has_finished = 1;
2945 
2946  control_event_stream_status(conn, STREAM_EVENT_NEW, 0);
2947 
2949 
2950  return connection_ap_rewrite_and_attach_if_allowed(conn, NULL, NULL);
2951 }
2952 
2953 static const char HTTP_CONNECT_IS_NOT_AN_HTTP_PROXY_MSG[] =
2954  "HTTP/1.0 405 Method Not Allowed\r\n"
2955  "Content-Type: text/html; charset=iso-8859-1\r\n\r\n"
2956  "<html>\n"
2957  "<head>\n"
2958  "<title>This is an HTTP CONNECT tunnel, not a full HTTP Proxy</title>\n"
2959  "</head>\n"
2960  "<body>\n"
2961  "<h1>This is an HTTP CONNECT tunnel, not an HTTP proxy.</h1>\n"
2962  "<p>\n"
2963  "It appears you have configured your web browser to use this Tor port as\n"
2964  "an HTTP proxy.\n"
2965  "</p><p>\n"
2966  "This is not correct: This port is configured as a CONNECT tunnel, not\n"
2967  "an HTTP proxy. Please configure your client accordingly. You can also\n"
2968  "use HTTPS; then the client should automatically use HTTP CONNECT."
2969  "</p>\n"
2970  "<p>\n"
2971  "See <a href=\"https://www.torproject.org/documentation.html\">"
2972  "https://www.torproject.org/documentation.html</a> for more "
2973  "information.\n"
2974  "</p>\n"
2975  "</body>\n"
2976  "</html>\n";
2977 
2978 /** Called on an HTTP CONNECT entry connection when some bytes have arrived,
2979  * but we have not yet received a full HTTP CONNECT request. Try to parse an
2980  * HTTP CONNECT request from the connection's inbuf. On success, set up the
2981  * connection's socks_request field and try to attach the connection. On
2982  * failure, send an HTTP reply, and mark the connection.
2983  */
2984 STATIC int
2986 {
2987  if (BUG(ENTRY_TO_CONN(conn)->state != AP_CONN_STATE_HTTP_CONNECT_WAIT))
2988  return -1;
2989 
2990  char *headers = NULL, *body = NULL;
2991  char *command = NULL, *addrport = NULL;
2992  char *addr = NULL;
2993  size_t bodylen = 0;
2994 
2995  const char *errmsg = NULL;
2996  int rv = 0;
2997 
2998  const int http_status =
2999  fetch_from_buf_http(ENTRY_TO_CONN(conn)->inbuf, &headers, 8192,
3000  &body, &bodylen, 1024, 0);
3001  if (http_status < 0) {
3002  /* Bad http status */
3003  errmsg = "HTTP/1.0 400 Bad Request\r\n\r\n";
3004  goto err;
3005  } else if (http_status == 0) {
3006  /* no HTTP request yet. */
3007  goto done;
3008  }
3009 
3010  const int cmd_status = parse_http_command(headers, &command, &addrport);
3011  if (cmd_status < 0) {
3012  errmsg = "HTTP/1.0 400 Bad Request\r\n\r\n";
3013  goto err;
3014  }
3016  tor_assert(addrport);
3017  if (strcasecmp(command, "connect")) {
3018  errmsg = HTTP_CONNECT_IS_NOT_AN_HTTP_PROXY_MSG;
3019  goto err;
3020  }
3021 
3022  tor_assert(conn->socks_request);
3023  socks_request_t *socks = conn->socks_request;
3024  uint16_t port;
3025  if (tor_addr_port_split(LOG_WARN, addrport, &addr, &port) < 0) {
3026  errmsg = "HTTP/1.0 400 Bad Request\r\n\r\n";
3027  goto err;
3028  }
3029  if (strlen(addr) >= MAX_SOCKS_ADDR_LEN) {
3030  errmsg = "HTTP/1.0 414 Request-URI Too Long\r\n\r\n";
3031  goto err;
3032  }
3033 
3034  /* Abuse the 'username' and 'password' fields here. They are already an
3035  * abuse. */
3036  {
3037  char *authorization = http_get_header(headers, "Proxy-Authorization: ");
3038  if (authorization) {
3039  socks->username = authorization; // steal reference
3040  socks->usernamelen = strlen(authorization);
3041  }
3042  char *isolation = http_get_header(headers, "X-Tor-Stream-Isolation: ");
3043  if (isolation) {
3044  socks->password = isolation; // steal reference
3045  socks->passwordlen = strlen(isolation);
3046  }
3047  }
3048 
3049  socks->command = SOCKS_COMMAND_CONNECT;
3051  strlcpy(socks->address, addr, sizeof(socks->address));
3052  socks->port = port;
3053 
3054  control_event_stream_status(conn, STREAM_EVENT_NEW, 0);
3055 
3056  rv = connection_ap_rewrite_and_attach_if_allowed(conn, NULL, NULL);
3057 
3058  // XXXX send a "100 Continue" message?
3059 
3060  goto done;
3061 
3062  err:
3063  if (BUG(errmsg == NULL))
3064  errmsg = "HTTP/1.0 400 Bad Request\r\n\r\n";
3065  log_info(LD_EDGE, "HTTP tunnel error: saying %s", escaped(errmsg));
3066  connection_buf_add(errmsg, strlen(errmsg), ENTRY_TO_CONN(conn));
3067  /* Mark it as "has_finished" so that we don't try to send an extra socks
3068  * reply. */
3069  conn->socks_request->has_finished = 1;
3070  connection_mark_unattached_ap(conn,
3073 
3074  done:
3075  tor_free(headers);
3076  tor_free(body);
3077  tor_free(command);
3078  tor_free(addrport);
3079  tor_free(addr);
3080  return rv;
3081 }
3082 
3083 /** Iterate over the two bytes of stream_id until we get one that is not
3084  * already in use; return it. Return 0 if can't get a unique stream_id.
3085  */
3086 streamid_t
3088 {
3089  edge_connection_t *tmpconn;
3090  streamid_t test_stream_id;
3091  uint32_t attempts=0;
3092 
3093  again:
3094  test_stream_id = circ->next_stream_id++;
3095  if (++attempts > 1<<16) {
3096  /* Make sure we don't loop forever if all stream_id's are used. */
3097  log_warn(LD_APP,"No unused stream IDs. Failing.");
3098  return 0;
3099  }
3100  if (test_stream_id == 0)
3101  goto again;
3102  for (tmpconn = circ->p_streams; tmpconn; tmpconn=tmpconn->next_stream)
3103  if (tmpconn->stream_id == test_stream_id)
3104  goto again;
3105 
3107  test_stream_id))
3108  goto again;
3109 
3110  return test_stream_id;
3111 }
3112 
3113 /** Return true iff <b>conn</b> is linked to a circuit and configured to use
3114  * an exit that supports optimistic data. */
3115 static int
3117 {
3118  const edge_connection_t *edge_conn = ENTRY_TO_EDGE_CONN(conn);
3119  /* We can only send optimistic data if we're connected to an open
3120  general circuit. */
3121  if (edge_conn->on_circuit == NULL ||
3122  edge_conn->on_circuit->state != CIRCUIT_STATE_OPEN ||
3123  (edge_conn->on_circuit->purpose != CIRCUIT_PURPOSE_C_GENERAL &&
3127  return 0;
3128 
3129  return conn->may_use_optimistic_data;
3130 }
3131 
3132 /** Return a bitmask of BEGIN_FLAG_* flags that we should transmit in the
3133  * RELAY_BEGIN cell for <b>ap_conn</b>. */
3134 static uint32_t
3136 {
3137  edge_connection_t *edge_conn = ENTRY_TO_EDGE_CONN(ap_conn);
3138  const node_t *exitnode = NULL;
3139  const crypt_path_t *cpath_layer = edge_conn->cpath_layer;
3140  uint32_t flags = 0;
3141 
3142  /* No flags for begindir */
3143  if (ap_conn->use_begindir)
3144  return 0;
3145 
3146  /* No flags for hidden services. */
3147  if (edge_conn->on_circuit->purpose != CIRCUIT_PURPOSE_C_GENERAL)
3148  return 0;
3149 
3150  /* If only IPv4 is supported, no flags */
3151  if (ap_conn->entry_cfg.ipv4_traffic && !ap_conn->entry_cfg.ipv6_traffic)
3152  return 0;
3153 
3154  if (! cpath_layer ||
3155  ! cpath_layer->extend_info)
3156  return 0;
3157 
3158  if (!ap_conn->entry_cfg.ipv4_traffic)
3159  flags |= BEGIN_FLAG_IPV4_NOT_OK;
3160 
3161  exitnode = node_get_by_id(cpath_layer->extend_info->identity_digest);
3162 
3163  if (ap_conn->entry_cfg.ipv6_traffic && exitnode) {
3164  tor_addr_t a;
3165  tor_addr_make_null(&a, AF_INET6);
3167  exitnode)
3168  != ADDR_POLICY_REJECTED) {
3169  /* Only say "IPv6 OK" if the exit node supports IPv6. Otherwise there's
3170  * no point. */
3171  flags |= BEGIN_FLAG_IPV6_OK;
3172  }
3173  }
3174 
3175  if (flags == BEGIN_FLAG_IPV6_OK) {
3176  /* When IPv4 and IPv6 are both allowed, consider whether to say we
3177  * prefer IPv6. Otherwise there's no point in declaring a preference */
3178  if (ap_conn->entry_cfg.prefer_ipv6)
3179  flags |= BEGIN_FLAG_IPV6_PREFERRED;
3180  }
3181 
3182  if (flags == BEGIN_FLAG_IPV4_NOT_OK) {
3183  log_warn(LD_EDGE, "I'm about to ask a node for a connection that I "
3184  "am telling it to fulfil with neither IPv4 nor IPv6. That's "
3185  "not going to work. Did you perhaps ask for an IPv6 address "
3186  "on an IPv4Only port, or vice versa?");
3187  }
3188 
3189  return flags;
3190 }
3191 
3192 /** Write a relay begin cell, using destaddr and destport from ap_conn's
3193  * socks_request field, and send it down circ.
3194  *
3195  * If ap_conn is broken, mark it for close and return -1. Else return 0.
3196  */
3197 MOCK_IMPL(int,
3199 {
3200  char payload[CELL_PAYLOAD_SIZE];
3201  int payload_len;
3202  int begin_type;
3203  const or_options_t *options = get_options();
3204  origin_circuit_t *circ;
3205  edge_connection_t *edge_conn = ENTRY_TO_EDGE_CONN(ap_conn);
3206  connection_t *base_conn = TO_CONN(edge_conn);
3207  tor_assert(edge_conn->on_circuit);
3208  circ = TO_ORIGIN_CIRCUIT(edge_conn->on_circuit);
3209 
3210  tor_assert(base_conn->type == CONN_TYPE_AP);
3212  tor_assert(ap_conn->socks_request);
3213  tor_assert(SOCKS_COMMAND_IS_CONNECT(ap_conn->socks_request->command));
3214 
3215  edge_conn->stream_id = get_unique_stream_id_by_circ(circ);
3216  if (edge_conn->stream_id==0) {
3217  /* XXXX+ Instead of closing this stream, we should make it get
3218  * retried on another circuit. */
3219  connection_mark_unattached_ap(ap_conn, END_STREAM_REASON_INTERNAL);
3220 
3221  /* Mark this circuit "unusable for new streams". */
3223  return -1;
3224  }
3225 
3226  /* Set up begin cell flags. */
3227  edge_conn->begincell_flags = connection_ap_get_begincell_flags(ap_conn);
3228 
3229  tor_snprintf(payload,RELAY_PAYLOAD_SIZE, "%s:%d",
3230  (circ->base_.purpose == CIRCUIT_PURPOSE_C_GENERAL ||
3231  circ->base_.purpose == CIRCUIT_PURPOSE_CONTROLLER) ?
3232  ap_conn->socks_request->address : "",
3233  ap_conn->socks_request->port);
3234  payload_len = (int)strlen(payload)+1;
3235  if (payload_len <= RELAY_PAYLOAD_SIZE - 4 && edge_conn->begincell_flags) {
3236  set_uint32(payload + payload_len, htonl(edge_conn->begincell_flags));
3237  payload_len += 4;
3238  }
3239 
3240  log_info(LD_APP,
3241  "Sending relay cell %d on circ %u to begin stream %d.",
3242  (int)ap_conn->use_begindir,
3243  (unsigned)circ->base_.n_circ_id,
3244  edge_conn->stream_id);
3245 
3246  begin_type = ap_conn->use_begindir ?
3247  RELAY_COMMAND_BEGIN_DIR : RELAY_COMMAND_BEGIN;
3248 
3249  /* Check that circuits are anonymised, based on their type. */
3250  if (begin_type == RELAY_COMMAND_BEGIN) {
3251  /* This connection is a standard OR connection.
3252  * Make sure its path length is anonymous, or that we're in a
3253  * non-anonymous mode. */
3254  assert_circ_anonymity_ok(circ, options);
3255  } else if (begin_type == RELAY_COMMAND_BEGIN_DIR) {
3256  /* This connection is a begindir directory connection.
3257  * Look at the linked directory connection to access the directory purpose.
3258  * If a BEGINDIR connection is ever not linked, that's a bug. */
3259  if (BUG(!base_conn->linked)) {
3260  return -1;
3261  }
3262  connection_t *linked_dir_conn_base = base_conn->linked_conn;
3263  /* If the linked connection has been unlinked by other code, we can't send
3264  * a begin cell on it. */
3265  if (!linked_dir_conn_base) {
3266  return -1;
3267  }
3268  /* Sensitive directory connections must have an anonymous path length.
3269  * Otherwise, directory connections are typically one-hop.
3270  * This matches the earlier check for directory connection path anonymity
3271  * in directory_initiate_request(). */
3272  if (purpose_needs_anonymity(linked_dir_conn_base->purpose,
3273  TO_DIR_CONN(linked_dir_conn_base)->router_purpose,
3274  TO_DIR_CONN(linked_dir_conn_base)->requested_resource)) {
3275  assert_circ_anonymity_ok(circ, options);
3276  }
3277  } else {
3278  /* This code was written for the two connection types BEGIN and BEGIN_DIR
3279  */
3280  tor_assert_unreached();
3281  }
3282 
3283  if (connection_edge_send_command(edge_conn, begin_type,
3284  begin_type == RELAY_COMMAND_BEGIN ? payload : NULL,
3285  begin_type == RELAY_COMMAND_BEGIN ? payload_len : 0) < 0)
3286  return -1; /* circuit is closed, don't continue */
3287 
3288  edge_conn->package_window = STREAMWINDOW_START;
3289  edge_conn->deliver_window = STREAMWINDOW_START;
3290  base_conn->state = AP_CONN_STATE_CONNECT_WAIT;
3291  log_info(LD_APP,"Address/port sent, ap socket "TOR_SOCKET_T_FORMAT
3292  ", n_circ_id %u",
3293  base_conn->s, (unsigned)circ->base_.n_circ_id);
3294  control_event_stream_status(ap_conn, STREAM_EVENT_SENT_CONNECT, 0);
3295 
3296  /* If there's queued-up data, send it now */
3297  if ((connection_get_inbuf_len(base_conn) ||
3298  ap_conn->sending_optimistic_data) &&
3300  log_info(LD_APP, "Sending up to %ld + %ld bytes of queued-up data",
3301  (long)connection_get_inbuf_len(base_conn),
3302  ap_conn->sending_optimistic_data ?
3303  (long)buf_datalen(ap_conn->sending_optimistic_data) : 0);
3304  if (connection_edge_package_raw_inbuf(edge_conn, 1, NULL) < 0) {
3305  connection_mark_for_close(base_conn);
3306  }
3307  }
3308 
3309  return 0;
3310 }
3311 
3312 /** Write a relay resolve cell, using destaddr and destport from ap_conn's
3313  * socks_request field, and send it down circ.
3314  *
3315  * If ap_conn is broken, mark it for close and return -1. Else return 0.
3316  */
3317 int
3319 {
3320  int payload_len, command;
3321  const char *string_addr;
3322  char inaddr_buf[REVERSE_LOOKUP_NAME_BUF_LEN];
3323  origin_circuit_t *circ;
3324  edge_connection_t *edge_conn = ENTRY_TO_EDGE_CONN(ap_conn);
3325  connection_t *base_conn = TO_CONN(edge_conn);
3326  tor_assert(edge_conn->on_circuit);
3327  circ = TO_ORIGIN_CIRCUIT(edge_conn->on_circuit);
3328 
3329  tor_assert(base_conn->type == CONN_TYPE_AP);
3331  tor_assert(ap_conn->socks_request);
3333 
3334  command = ap_conn->socks_request->command;
3335  tor_assert(SOCKS_COMMAND_IS_RESOLVE(command));
3336 
3337  edge_conn->stream_id = get_unique_stream_id_by_circ(circ);
3338  if (edge_conn->stream_id==0) {
3339  /* XXXX+ Instead of closing this stream, we should make it get
3340  * retried on another circuit. */
3341  connection_mark_unattached_ap(ap_conn, END_STREAM_REASON_INTERNAL);
3342 
3343  /* Mark this circuit "unusable for new streams". */
3345  return -1;
3346  }
3347 
3348  if (command == SOCKS_COMMAND_RESOLVE) {
3349  string_addr = ap_conn->socks_request->address;
3350  payload_len = (int)strlen(string_addr)+1;
3351  } else {
3352  /* command == SOCKS_COMMAND_RESOLVE_PTR */
3353  const char *a = ap_conn->socks_request->address;
3354  tor_addr_t addr;
3355  int r;
3356 
3357  /* We're doing a reverse lookup. The input could be an IP address, or
3358  * could be an .in-addr.arpa or .ip6.arpa address */
3359  r = tor_addr_parse_PTR_name(&addr, a, AF_UNSPEC, 1);
3360  if (r <= 0) {
3361  log_warn(LD_APP, "Rejecting ill-formed reverse lookup of %s",
3362  safe_str_client(a));
3363  connection_mark_unattached_ap(ap_conn, END_STREAM_REASON_INTERNAL);
3364  return -1;
3365  }
3366 
3367  r = tor_addr_to_PTR_name(inaddr_buf, sizeof(inaddr_buf), &addr);
3368  if (r < 0) {
3369  log_warn(LD_BUG, "Couldn't generate reverse lookup hostname of %s",
3370  safe_str_client(a));
3371  connection_mark_unattached_ap(ap_conn, END_STREAM_REASON_INTERNAL);
3372  return -1;
3373  }
3374 
3375  string_addr = inaddr_buf;
3376  payload_len = (int)strlen(inaddr_buf)+1;
3377  tor_assert(payload_len <= (int)sizeof(inaddr_buf));
3378  }
3379 
3380  log_debug(LD_APP,
3381  "Sending relay cell to begin stream %d.", edge_conn->stream_id);
3382 
3383  if (connection_edge_send_command(edge_conn,
3384  RELAY_COMMAND_RESOLVE,
3385  string_addr, payload_len) < 0)
3386  return -1; /* circuit is closed, don't continue */
3387 
3388  if (!base_conn->address) {
3389  /* This might be unnecessary. XXXX */
3390  base_conn->address = tor_addr_to_str_dup(&base_conn->addr);
3391  }
3392  base_conn->state = AP_CONN_STATE_RESOLVE_WAIT;
3393  log_info(LD_APP,"Address sent for resolve, ap socket "TOR_SOCKET_T_FORMAT
3394  ", n_circ_id %u",
3395  base_conn->s, (unsigned)circ->base_.n_circ_id);
3396  control_event_stream_status(ap_conn, STREAM_EVENT_SENT_RESOLVE, 0);
3397  return 0;
3398 }
3399 
3400 /** Make an AP connection_t linked to the connection_t <b>partner</b>. make a
3401  * new linked connection pair, and attach one side to the conn, connection_add
3402  * it, initialize it to circuit_wait, and call
3403  * connection_ap_handshake_attach_circuit(conn) on it.
3404  *
3405  * Return the newly created end of the linked connection pair, or -1 if error.
3406  */
3409  char *address, uint16_t port,
3410  const char *digest,
3411  int session_group, int isolation_flags,
3412  int use_begindir, int want_onehop)
3413 {
3414  entry_connection_t *conn;
3415  connection_t *base_conn;
3416 
3417  log_info(LD_APP,"Making internal %s tunnel to %s:%d ...",
3418  want_onehop ? "direct" : "anonymized",
3419  safe_str_client(address), port);
3420 
3422  base_conn = ENTRY_TO_CONN(conn);
3423  base_conn->linked = 1; /* so that we can add it safely below. */
3424 
3425  /* populate conn->socks_request */
3426 
3427  /* leave version at zero, so the socks_reply is empty */
3428  conn->socks_request->socks_version = 0;
3429  conn->socks_request->has_finished = 0; /* waiting for 'connected' */
3430  strlcpy(conn->socks_request->address, address,
3431  sizeof(conn->socks_request->address));
3432  conn->socks_request->port = port;
3434  conn->want_onehop = want_onehop;
3435  conn->use_begindir = use_begindir;
3436  if (use_begindir) {
3437  conn->chosen_exit_name = tor_malloc(HEX_DIGEST_LEN+2);
3438  conn->chosen_exit_name[0] = '$';
3439  tor_assert(digest);
3441  digest, DIGEST_LEN);
3442  }
3443 
3444  /* Populate isolation fields. */
3446  conn->original_dest_address = tor_strdup(address);
3447  conn->entry_cfg.session_group = session_group;
3448  conn->entry_cfg.isolation_flags = isolation_flags;
3449 
3450  base_conn->address = tor_strdup("(Tor_internal)");
3451  tor_addr_make_unspec(&base_conn->addr);
3452  base_conn->port = 0;
3453 
3454  connection_link_connections(partner, base_conn);
3455 
3456  if (connection_add(base_conn) < 0) { /* no space, forget it */
3457  connection_free(base_conn);
3458  return NULL;
3459  }
3460 
3461  base_conn->state = AP_CONN_STATE_CIRCUIT_WAIT;
3462 
3463  control_event_stream_status(conn, STREAM_EVENT_NEW, 0);
3464 
3465  /* attaching to a dirty circuit is fine */
3466  connection_ap_mark_as_pending_circuit(conn);
3467  log_info(LD_APP,"... application connection created and linked.");
3468  return conn;
3469 }
3470 
3471 /** Notify any interested controller connections about a new hostname resolve
3472  * or resolve error. Takes the same arguments as does
3473  * connection_ap_handshake_socks_resolved(). */
3474 static void
3476  int answer_type,
3477  size_t answer_len,
3478  const char *answer,
3479  int ttl,
3480  time_t expires)
3481 {
3482  uint64_t stream_id = 0;
3483 
3484  if (BUG(!conn)) {
3485  return;
3486  }
3487 
3488  stream_id = ENTRY_TO_CONN(conn)->global_identifier;
3489 
3490  expires = time(NULL) + ttl;
3491  if (answer_type == RESOLVED_TYPE_IPV4 && answer_len >= 4) {
3492  char *cp = tor_dup_ip(ntohl(get_uint32(answer)));
3493  if (cp)
3495  cp, expires, NULL, 0, stream_id);
3496  tor_free(cp);
3497  } else if (answer_type == RESOLVED_TYPE_HOSTNAME && answer_len < 256) {
3498  char *cp = tor_strndup(answer, answer_len);
3500  cp, expires, NULL, 0, stream_id);
3501  tor_free(cp);
3502  } else {
3504  "<error>", time(NULL)+ttl,
3505  "error=yes", 0, stream_id);
3506  }
3507 }
3508 
3509 /**
3510  * As connection_ap_handshake_socks_resolved, but take a tor_addr_t to send
3511  * as the answer.
3512  */
3513 void
3515  const tor_addr_t *answer,
3516  int ttl,
3517  time_t expires)
3518 {
3519  if (tor_addr_family(answer) == AF_INET) {
3520  uint32_t a = tor_addr_to_ipv4n(answer); /* network order */
3521  connection_ap_handshake_socks_resolved(conn,RESOLVED_TYPE_IPV4,4,
3522  (uint8_t*)&a,
3523  ttl, expires);
3524  } else if (tor_addr_family(answer) == AF_INET6) {
3525  const uint8_t *a = tor_addr_to_in6_addr8(answer);
3526  connection_ap_handshake_socks_resolved(conn,RESOLVED_TYPE_IPV6,16,
3527  a,
3528  ttl, expires);
3529  } else {
3530  log_warn(LD_BUG, "Got called with address of unexpected family %d",
3531  tor_addr_family(answer));
3533  RESOLVED_TYPE_ERROR,0,NULL,-1,-1);
3534  }
3535 }
3536 
3537 /** Send an answer to an AP connection that has requested a DNS lookup via
3538  * SOCKS. The type should be one of RESOLVED_TYPE_(IPV4|IPV6|HOSTNAME) or -1
3539  * for unreachable; the answer should be in the format specified in the socks
3540  * extensions document. <b>ttl</b> is the ttl for the answer, or -1 on
3541  * certain errors or for values that didn't come via DNS. <b>expires</b> is
3542  * a time when the answer expires, or -1 or TIME_MAX if there's a good TTL.
3543  **/
3544 /* XXXX the use of the ttl and expires fields is nutty. Let's make this
3545  * interface and those that use it less ugly. */
3546 MOCK_IMPL(void,
3548  int answer_type,
3549  size_t answer_len,
3550  const uint8_t *answer,
3551  int ttl,
3552  time_t expires))
3553 {
3554  char buf[384];
3555  size_t replylen;
3556 
3557  if (ttl >= 0) {
3558  if (answer_type == RESOLVED_TYPE_IPV4 && answer_len == 4) {
3559  tor_addr_t a;
3560  tor_addr_from_ipv4n(&a, get_uint32(answer));
3561  if (! tor_addr_is_null(&a)) {
3563  conn->socks_request->address, &a,
3564  conn->chosen_exit_name, ttl);
3565  }
3566  } else if (answer_type == RESOLVED_TYPE_IPV6 && answer_len == 16) {
3567  tor_addr_t a;
3568  tor_addr_from_ipv6_bytes(&a, answer);
3569  if (! tor_addr_is_null(&a)) {
3571  conn->socks_request->address, &a,
3572  conn->chosen_exit_name, ttl);
3573  }
3574  } else if (answer_type == RESOLVED_TYPE_HOSTNAME && answer_len < 256) {
3575  char *cp = tor_strndup((char*)answer, answer_len);
3577  conn->socks_request->address,
3578  cp,
3579  conn->chosen_exit_name, ttl);
3580  tor_free(cp);
3581  }
3582  }
3583 
3584  if (ENTRY_TO_EDGE_CONN(conn)->is_dns_request) {
3585  if (conn->dns_server_request) {
3586  /* We had a request on our DNS port: answer it. */
3587  dnsserv_resolved(conn, answer_type, answer_len, (char*)answer, ttl);
3588  conn->socks_request->has_finished = 1;
3589  return;
3590  } else {
3591  /* This must be a request from the controller. Since answers to those
3592  * requests are not cached, they do not generate an ADDRMAP event on
3593  * their own. */
3594  tell_controller_about_resolved_result(conn, answer_type, answer_len,
3595  (char*)answer, ttl, expires);
3596  conn->socks_request->has_finished = 1;
3597  return;
3598  }
3599  /* We shouldn't need to free conn here; it gets marked by the caller. */
3600  }
3601 
3602  if (conn->socks_request->socks_version == 4) {
3603  buf[0] = 0x00; /* version */
3604  if (answer_type == RESOLVED_TYPE_IPV4 && answer_len == 4) {
3605  buf[1] = SOCKS4_GRANTED;
3606  set_uint16(buf+2, 0);
3607  memcpy(buf+4, answer, 4); /* address */
3608  replylen = SOCKS4_NETWORK_LEN;
3609  } else { /* "error" */
3610  buf[1] = SOCKS4_REJECT;
3611  memset(buf+2, 0, 6);
3612  replylen = SOCKS4_NETWORK_LEN;
3613  }
3614  } else if (conn->socks_request->socks_version == 5) {
3615  /* SOCKS5 */
3616  buf[0] = 0x05; /* version */
3617  if (answer_type == RESOLVED_TYPE_IPV4 && answer_len == 4) {
3618  buf[1] = SOCKS5_SUCCEEDED;
3619  buf[2] = 0; /* reserved */
3620  buf[3] = 0x01; /* IPv4 address type */
3621  memcpy(buf+4, answer, 4); /* address */
3622  set_uint16(buf+8, 0); /* port == 0. */
3623  replylen = 10;
3624  } else if (answer_type == RESOLVED_TYPE_IPV6 && answer_len == 16) {
3625  buf[1] = SOCKS5_SUCCEEDED;
3626  buf[2] = 0; /* reserved */
3627  buf[3] = 0x04; /* IPv6 address type */
3628  memcpy(buf+4, answer, 16); /* address */
3629  set_uint16(buf+20, 0); /* port == 0. */
3630  replylen = 22;
3631  } else if (answer_type == RESOLVED_TYPE_HOSTNAME && answer_len < 256) {
3632  buf[1] = SOCKS5_SUCCEEDED;
3633  buf[2] = 0; /* reserved */
3634  buf[3] = 0x03; /* Domainname address type */
3635  buf[4] = (char)answer_len;
3636  memcpy(buf+5, answer, answer_len); /* address */
3637  set_uint16(buf+5+answer_len, 0); /* port == 0. */
3638  replylen = 5+answer_len+2;
3639  } else {
3640  buf[1] = SOCKS5_HOST_UNREACHABLE;
3641  memset(buf+2, 0, 8);
3642  replylen = 10;
3643  }
3644  } else {
3645  /* no socks version info; don't send anything back */
3646  return;
3647  }
3648  connection_ap_handshake_socks_reply(conn, buf, replylen,
3649  (answer_type == RESOLVED_TYPE_IPV4 ||
3650  answer_type == RESOLVED_TYPE_IPV6 ||
3651  answer_type == RESOLVED_TYPE_HOSTNAME) ?
3652  0 : END_STREAM_REASON_RESOLVEFAILED);
3653 }
3654 
3655 /** Send a socks reply to stream <b>conn</b>, using the appropriate
3656  * socks version, etc, and mark <b>conn</b> as completed with SOCKS
3657  * handshaking.
3658  *
3659  * If <b>reply</b> is defined, then write <b>replylen</b> bytes of it to conn
3660  * and return, else reply based on <b>endreason</b> (one of
3661  * END_STREAM_REASON_*). If <b>reply</b> is undefined, <b>endreason</b> can't
3662  * be 0 or REASON_DONE. Send endreason to the controller, if appropriate.
3663  */
3664 void
3666  size_t replylen, int endreason)
3667 {
3668  char buf[256];
3669  socks5_reply_status_t status;
3670 
3671  tor_assert(conn->socks_request); /* make sure it's an AP stream */
3672 
3675  status = conn->socks_request->socks_extended_error_code;
3676  } else {
3677  status = stream_end_reason_to_socks5_response(endreason);
3678  }
3679 
3680  if (!SOCKS_COMMAND_IS_RESOLVE(conn->socks_request->command)) {
3681  control_event_stream_status(conn, status==SOCKS5_SUCCEEDED ?
3682  STREAM_EVENT_SUCCEEDED : STREAM_EVENT_FAILED,
3683  endreason);
3684  }
3685 
3686  /* Flag this stream's circuit as having completed a stream successfully
3687  * (for path bias) */
3688  if (status == SOCKS5_SUCCEEDED ||
3689  endreason == END_STREAM_REASON_RESOLVEFAILED ||
3690  endreason == END_STREAM_REASON_CONNECTREFUSED ||
3691  endreason == END_STREAM_REASON_CONNRESET ||
3692  endreason == END_STREAM_REASON_NOROUTE ||
3693  endreason == END_STREAM_REASON_RESOURCELIMIT) {
3694  if (!conn->edge_.on_circuit ||
3695  !CIRCUIT_IS_ORIGIN(conn->edge_.on_circuit)) {
3696  if (endreason != END_STREAM_REASON_RESOLVEFAILED) {
3697  log_info(LD_BUG,
3698  "No origin circuit for successful SOCKS stream %"PRIu64
3699  ". Reason: %d",
3700  (ENTRY_TO_CONN(conn)->global_identifier),
3701  endreason);
3702  }
3703  /*
3704  * Else DNS remaps and failed hidden service lookups can send us
3705  * here with END_STREAM_REASON_RESOLVEFAILED; ignore it
3706  *
3707  * Perhaps we could make the test more precise; we can tell hidden
3708  * services by conn->edge_.renddata != NULL; anything analogous for
3709  * the DNS remap case?
3710  */
3711  } else {
3712  // XXX: Hrmm. It looks like optimistic data can't go through this
3713  // codepath, but someone should probably test it and make sure.
3714  // We don't want to mark optimistically opened streams as successful.
3716  }
3717  }
3718 
3719  if (conn->socks_request->has_finished) {
3720  log_warn(LD_BUG, "(Harmless.) duplicate calls to "
3721  "connection_ap_handshake_socks_reply.");
3722  return;
3723  }
3724  if (replylen) { /* we already have a reply in mind */
3725  connection_buf_add(reply, replylen, ENTRY_TO_CONN(conn));
3726  conn->socks_request->has_finished = 1;
3727  return;
3728  }
3729  if (conn->socks_request->listener_type ==
3731  const char *response = end_reason_to_http_connect_response_line(endreason);
3732  if (!response) {
3733  response = "HTTP/1.0 400 Bad Request\r\n\r\n";
3734  }
3735  connection_buf_add(response, strlen(response), ENTRY_TO_CONN(conn));
3736  } else if (conn->socks_request->socks_version == 4) {
3737  memset(buf,0,SOCKS4_NETWORK_LEN);
3738  buf[1] = (status==SOCKS5_SUCCEEDED ? SOCKS4_GRANTED : SOCKS4_REJECT);
3739  /* leave version, destport, destip zero */
3740  connection_buf_add(buf, SOCKS4_NETWORK_LEN, ENTRY_TO_CONN(conn));
3741  } else if (conn->socks_request->socks_version == 5) {
3742  size_t buf_len;
3743  memset(buf,0,sizeof(buf));
3744  if (tor_addr_family(&conn->edge_.base_.addr) == AF_INET) {
3745  buf[0] = 5; /* version 5 */
3746  buf[1] = (char)status;
3747  buf[2] = 0;
3748  buf[3] = 1; /* ipv4 addr */
3749  /* 4 bytes for the header, 2 bytes for the port, 4 for the address. */
3750  buf_len = 10;
3751  } else { /* AF_INET6. */
3752  buf[0] = 5; /* version 5 */
3753  buf[1] = (char)status;
3754  buf[2] = 0;
3755  buf[3] = 4; /* ipv6 addr */
3756  /* 4 bytes for the header, 2 bytes for the port, 16 for the address. */
3757  buf_len = 22;
3758  }
3759  connection_buf_add(buf,buf_len,ENTRY_TO_CONN(conn));
3760  }
3761  /* If socks_version isn't 4 or 5, don't send anything.
3762  * This can happen in the case of AP bridges. */
3763  conn->socks_request->has_finished = 1;
3764  return;
3765 }
3766 
3767 /** Read a RELAY_BEGIN or RELAY_BEGIN_DIR cell from <b>cell</b>, decode it, and
3768  * place the result in <b>bcell</b>. On success return 0; on failure return
3769  * <0 and set *<b>end_reason_out</b> to the end reason we should send back to
3770  * the client.
3771  *
3772  * Return -1 in the case where we want to send a RELAY_END cell, and < -1 when
3773  * we don't.
3774  **/
3775 STATIC int
3776 begin_cell_parse(const cell_t *cell, begin_cell_t *bcell,
3777  uint8_t *end_reason_out)
3778 {
3779  relay_header_t rh;
3780  const uint8_t *body, *nul;
3781 
3782  memset(bcell, 0, sizeof(*bcell));
3783  *end_reason_out = END_STREAM_REASON_MISC;
3784 
3785  relay_header_unpack(&rh, cell->payload);
3786  if (rh.length > RELAY_PAYLOAD_SIZE) {
3787  return -2; /*XXXX why not TORPROTOCOL? */
3788  }
3789 
3790  bcell->stream_id = rh.stream_id;
3791 
3792  if (rh.command == RELAY_COMMAND_BEGIN_DIR) {
3793  bcell->is_begindir = 1;
3794  return 0;
3795  } else if (rh.command != RELAY_COMMAND_BEGIN) {
3796  log_warn(LD_BUG, "Got an unexpected command %d", (int)rh.command);
3797  *end_reason_out = END_STREAM_REASON_INTERNAL;
3798  return -1;
3799  }
3800 
3801  body = cell->payload + RELAY_HEADER_SIZE;
3802  nul = memchr(body, 0, rh.length);
3803  if (! nul) {
3804  log_fn(LOG_PROTOCOL_WARN, LD_PROTOCOL,
3805  "Relay begin cell has no \\0. Closing.");
3806  *end_reason_out = END_STREAM_REASON_TORPROTOCOL;
3807  return -1;
3808  }
3809 
3810  if (tor_addr_port_split(LOG_PROTOCOL_WARN,
3811  (char*)(body),
3812  &bcell->address,&bcell->port)<0) {
3813  log_fn(LOG_PROTOCOL_WARN, LD_PROTOCOL,
3814  "Unable to parse addr:port in relay begin cell. Closing.");
3815  *end_reason_out = END_STREAM_REASON_TORPROTOCOL;
3816  return -1;
3817  }
3818  if (bcell->port == 0) {
3819  log_fn(LOG_PROTOCOL_WARN, LD_PROTOCOL,
3820  "Missing port in relay begin cell. Closing.");
3821  tor_free(bcell->address);
3822  *end_reason_out = END_STREAM_REASON_TORPROTOCOL;
3823  return -1;
3824  }
3825  if (body + rh.length >= nul + 4)
3826  bcell->flags = ntohl(get_uint32(nul+1));
3827 
3828  return 0;
3829 }
3830 
3831 /** For the given <b>circ</b> and the edge connection <b>conn</b>, setup the
3832  * connection, attach it to the circ and connect it. Return 0 on success
3833  * or END_CIRC_AT_ORIGIN if we can't find the requested hidden service port
3834  * where the caller should close the circuit. */
3835 static int
3837 {
3838  int ret;
3839  origin_circuit_t *origin_circ;
3840 
3841  assert_circuit_ok(circ);
3843  tor_assert(conn);
3844 
3845  log_debug(LD_REND, "Connecting the hidden service rendezvous circuit "
3846  "to the service destination.");
3847 
3848  origin_circ = TO_ORIGIN_CIRCUIT(circ);
3849  conn->base_.address = tor_strdup("(rendezvous)");
3850  conn->base_.state = EXIT_CONN_STATE_CONNECTING;
3851 
3852  if (origin_circ->hs_ident) {
3853  /* Setup the identifier to be the one for the circuit service. */
3854  conn->hs_ident =
3857  ret = hs_service_set_conn_addr_port(origin_circ, conn);
3858  } else {
3859  /* We should never get here if the circuit's purpose is rendezvous. */
3861  return -1;
3862  }
3863  if (ret < 0) {
3864  log_info(LD_REND, "Didn't find rendezvous service at %s",
3866  /* Send back reason DONE because we want to make hidden service port
3867  * scanning harder thus instead of returning that the exit policy
3868  * didn't match, which makes it obvious that the port is closed,
3869  * return DONE and kill the circuit. That way, a user (malicious or
3870  * not) needs one circuit per bad port unless it matches the policy of
3871  * the hidden service. */
3873  END_STREAM_REASON_DONE,
3874  origin_circ->cpath->prev);
3875  connection_free_(TO_CONN(conn));
3876 
3877  /* Drop the circuit here since it might be someone deliberately
3878  * scanning the hidden service ports. Note that this mitigates port
3879  * scanning by adding more work on the attacker side to successfully
3880  * scan but does not fully solve it. */
3881  if (ret < -1) {
3882  return END_CIRC_AT_ORIGIN;
3883  } else {
3884  return 0;
3885  }
3886  }
3887 
3888  /* Link the circuit and the connection crypt path. */
3889  conn->cpath_layer = origin_circ->cpath->prev;
3890 
3891  /* If this is the first stream on this circuit, tell circpad */
3892  if (!origin_circ->p_streams)
3894 
3895  /* Add it into the linked list of p_streams on this circuit */
3896  conn->next_stream = origin_circ->p_streams;
3897  origin_circ->p_streams = conn;
3898  conn->on_circuit = circ;
3899  assert_circuit_ok(circ);
3900 
3901  hs_inc_rdv_stream_counter(origin_circ);
3902 
3903  /* If it's an onion service connection, we might want to include the proxy
3904  * protocol header: */
3905  if (conn->hs_ident) {
3906  hs_circuit_id_protocol_t circuit_id_protocol =
3907  hs_service_exports_circuit_id(&conn->hs_ident->identity_pk);
3908  export_hs_client_circuit_id(conn, circuit_id_protocol);
3909  }
3910 
3911  /* Connect tor to the hidden service destination. */
3913 
3914  /* For path bias: This circuit was used successfully */
3915  pathbias_mark_use_success(origin_circ);
3916  return 0;
3917 }
3918 
3919 /** A relay 'begin' or 'begin_dir' cell has arrived, and either we are
3920  * an exit hop for the circuit, or we are the origin and it is a
3921  * rendezvous begin.
3922  *
3923  * Launch a new exit connection and initialize things appropriately.
3924  *
3925  * If it's a rendezvous stream, call connection_exit_connect() on
3926  * it.
3927  *
3928  * For general streams, call dns_resolve() on it first, and only call
3929  * connection_exit_connect() if the dns answer is already known.
3930  *
3931  * Note that we don't call connection_add() on the new stream! We wait
3932  * for connection_exit_connect() to do that.
3933  *
3934  * Return -(some circuit end reason) if we want to tear down <b>circ</b>.
3935  * Else return 0.
3936  */
3937 int
3939 {
3940  edge_connection_t *n_stream;
3941  relay_header_t rh;
3942  char *address = NULL;
3943  uint16_t port = 0;
3944  or_circuit_t *or_circ = NULL;
3945  origin_circuit_t *origin_circ = NULL;
3946  crypt_path_t *layer_hint = NULL;
3947  const or_options_t *options = get_options();
3948  begin_cell_t bcell;
3949  int rv;
3950  uint8_t end_reason=0;
3951 
3952  assert_circuit_ok(circ);
3953  if (!CIRCUIT_IS_ORIGIN(circ)) {
3954  or_circ = TO_OR_CIRCUIT(circ);
3955  } else {
3957  origin_circ = TO_ORIGIN_CIRCUIT(circ);
3958  layer_hint = origin_circ->cpath->prev;
3959  }
3960 
3961  relay_header_unpack(&rh, cell->payload);
3962  if (rh.length > RELAY_PAYLOAD_SIZE)
3963  return -END_CIRC_REASON_TORPROTOCOL;
3964 
3965  if (!server_mode(options) &&
3967  log_fn(LOG_PROTOCOL_WARN, LD_PROTOCOL,
3968  "Relay begin cell at non-server. Closing.");
3970  END_STREAM_REASON_EXITPOLICY, NULL);
3971  return 0;
3972  }
3973 
3974  rv = begin_cell_parse(cell, &bcell, &end_reason);
3975  if (rv < -1) {
3976  return -END_CIRC_REASON_TORPROTOCOL;
3977  } else if (rv == -1) {
3978  tor_free(bcell.address);
3979  relay_send_end_cell_from_edge(rh.stream_id, circ, end_reason, layer_hint);
3980  return 0;
3981  }
3982 
3983  if (! bcell.is_begindir) {
3984  /* Steal reference */
3985  tor_assert(bcell.address);
3986  address = bcell.address;
3987  port = bcell.port;
3988 
3989  if (or_circ && or_circ->p_chan) {
3990  const int client_chan = channel_is_client(or_circ->p_chan);
3991  if ((client_chan ||
3993  or_circ->p_chan->identity_digest) &&
3994  should_refuse_unknown_exits(options)))) {
3995  /* Don't let clients use us as a single-hop proxy. It attracts
3996  * attackers and users who'd be better off with, well, single-hop
3997  * proxies. */
3998  log_fn(LOG_PROTOCOL_WARN, LD_PROTOCOL,
3999  "Attempt by %s to open a stream %s. Closing.",
4000  safe_str(channel_describe_peer(or_circ->p_chan)),
4001  client_chan ? "on first hop of circuit" :
4002  "from unknown relay");
4004  client_chan ?
4005  END_STREAM_REASON_TORPROTOCOL :
4006  END_STREAM_REASON_MISC,
4007  NULL);
4008  tor_free(address);
4009  return 0;
4010  }
4011  }
4012  } else if (rh.command == RELAY_COMMAND_BEGIN_DIR) {
4013  if (!directory_permits_begindir_requests(options) ||
4014  circ->purpose != CIRCUIT_PURPOSE_OR) {
4016  END_STREAM_REASON_NOTDIRECTORY, layer_hint);
4017  return 0;
4018  }
4019  /* Make sure to get the 'real' address of the previous hop: the
4020  * caller might want to know whether the remote IP address has changed,
4021  * and we might already have corrected base_.addr[ess] for the relay's
4022  * canonical IP address. */
4023  tor_addr_t chan_addr;
4024  if (or_circ && or_circ->p_chan &&
4025  channel_get_addr_if_possible(or_circ->p_chan, &chan_addr)) {
4026  address = tor_addr_to_str_dup(&chan_addr);
4027  } else {
4028  address = tor_strdup("127.0.0.1");
4029  }
4030  port = 1; /* XXXX This value is never actually used anywhere, and there
4031  * isn't "really" a connection here. But we
4032  * need to set it to something nonzero. */
4033  } else {
4034  log_warn(LD_BUG, "Got an unexpected command %d", (int)rh.command);
4036  END_STREAM_REASON_INTERNAL, layer_hint);
4037  return 0;
4038  }
4039 
4040  if (! options->IPv6Exit) {
4041  /* I don't care if you prefer IPv6; I can't give you any. */
4042  bcell.flags &= ~BEGIN_FLAG_IPV6_PREFERRED;
4043  /* If you don't want IPv4, I can't help. */
4044  if (bcell.flags & BEGIN_FLAG_IPV4_NOT_OK) {
4045  tor_free(address);
4047  END_STREAM_REASON_EXITPOLICY, layer_hint);
4048  return 0;
4049  }
4050  }
4051 
4052  log_debug(LD_EXIT,"Creating new exit connection.");
4053  /* The 'AF_INET' here is temporary; we might need to change it later in
4054  * connection_exit_connect(). */
4055  n_stream = edge_connection_new(CONN_TYPE_EXIT, AF_INET);
4056 
4057  /* Remember the tunneled request ID in the new edge connection, so that
4058  * we can measure download times. */
4059  n_stream->dirreq_id = circ->dirreq_id;
4060 
4061  n_stream->base_.purpose = EXIT_PURPOSE_CONNECT;
4062  n_stream->begincell_flags = bcell.flags;
4063  n_stream->stream_id = rh.stream_id;
4064  n_stream->base_.port = port;
4065  /* leave n_stream->s at -1, because it's not yet valid */
4066  n_stream->package_window = STREAMWINDOW_START;
4067  n_stream->deliver_window = STREAMWINDOW_START;
4068 
4069  if (circ->purpose == CIRCUIT_PURPOSE_S_REND_JOINED) {
4070  int ret;
4071  tor_free(address);
4072  /* We handle this circuit and stream in this function for all supported
4073  * hidden service version. */
4074  ret = handle_hs_exit_conn(circ, n_stream);
4075 
4076  if (ret == 0) {
4077  /* This was a valid cell. Count it as delivered + overhead. */
4078  circuit_read_valid_data(origin_circ, rh.length);
4079  }
4080  return ret;
4081  }
4082  tor_strlower(address);
4083  n_stream->base_.address = address;
4084  n_stream->base_.state = EXIT_CONN_STATE_RESOLVEFAILED;
4085  /* default to failed, change in dns_resolve if it turns out not to fail */
4086 
4087  /* If we're hibernating or shutting down, we refuse to open new streams. */
4088  if (we_are_hibernating()) {
4090  END_STREAM_REASON_HIBERNATING, NULL);
4091  connection_free_(TO_CONN(n_stream));
4092  return 0;
4093  }
4094 
4095  n_stream->on_circuit = circ;
4096 
4097  if (rh.command == RELAY_COMMAND_BEGIN_DIR) {
4098  tor_addr_t tmp_addr;
4099  tor_assert(or_circ);
4100  if (or_circ->p_chan &&
4101  channel_get_addr_if_possible(or_circ->p_chan, &tmp_addr)) {
4102  tor_addr_copy(&n_stream->base_.addr, &tmp_addr);
4103  }
4104  return connection_exit_connect_dir(n_stream);
4105  }
4106 
4107  log_debug(LD_EXIT,"about to start the dns_resolve().");
4108 
4109  /* send it off to the gethostbyname farm */
4110  switch (dns_resolve(n_stream)) {
4111  case 1: /* resolve worked; now n_stream is attached to circ. */
4112  assert_circuit_ok(circ);
4113  log_debug(LD_EXIT,"about to call connection_exit_connect().");
4114  connection_exit_connect(n_stream);
4115  return 0;
4116  case -1: /* resolve failed */
4118  END_STREAM_REASON_RESOLVEFAILED, NULL);
4119  /* n_stream got freed. don't touch it. */
4120  break;
4121  case 0: /* resolve added to pending list */
4122  assert_circuit_ok(circ);
4123  break;
4124  }
4125  return 0;
4126 }
4127 
4128 /**
4129  * Called when we receive a RELAY_COMMAND_RESOLVE cell 'cell' along the
4130  * circuit <b>circ</b>;
4131  * begin resolving the hostname, and (eventually) reply with a RESOLVED cell.
4132  */
4133 int
4135 {
4136  edge_connection_t *dummy_conn;
4137  relay_header_t rh;
4138 
4140  relay_header_unpack(&rh, cell->payload);
4141  if (rh.length > RELAY_PAYLOAD_SIZE)
4142  return -1;
4143 
4144  /* This 'dummy_conn' only exists to remember the stream ID
4145  * associated with the resolve request; and to make the
4146  * implementation of dns.c more uniform. (We really only need to
4147  * remember the circuit, the stream ID, and the hostname to be
4148  * resolved; but if we didn't store them in a connection like this,
4149  * the housekeeping in dns.c would get way more complicated.)
4150  */
4151  dummy_conn = edge_connection_new(CONN_TYPE_EXIT, AF_INET);
4152  dummy_conn->stream_id = rh.stream_id;
4153  dummy_conn->base_.address = tor_strndup(
4154  (char*)cell->payload+RELAY_HEADER_SIZE,
4155  rh.length);
4156  dummy_conn->base_.port = 0;
4157  dummy_conn->base_.state = EXIT_CONN_STATE_RESOLVEFAILED;
4158  dummy_conn->base_.purpose = EXIT_PURPOSE_RESOLVE;
4159 
4160  dummy_conn->on_circuit = TO_CIRCUIT(circ);
4161 
4162  /* send it off to the gethostbyname farm */
4163  switch (dns_resolve(dummy_conn)) {
4164  case -1: /* Impossible to resolve; a resolved cell was sent. */
4165  /* Connection freed; don't touch it. */
4166  return 0;
4167  case 1: /* The result was cached; a resolved cell was sent. */
4168  if (!dummy_conn->base_.marked_for_close)
4169  connection_free_(TO_CONN(dummy_conn));
4170  return 0;
4171  case 0: /* resolve added to pending list */
4173  break;
4174  }
4175  return 0;
4176 }
4177 
4178 /** Helper: Return true and set *<b>why_rejected</b> to an optional clarifying
4179  * message message iff we do not allow connections to <b>addr</b>:<b>port</b>.
4180  */
4181 static int
4183  uint16_t port,
4184  const char **why_rejected)
4185 {
4186  if (router_compare_to_my_exit_policy(addr, port)) {
4187  *why_rejected = "";
4188  return 1;
4189  } else if (tor_addr_family(addr) == AF_INET6 && !get_options()->IPv6Exit) {
4190  *why_rejected = " (IPv6 address without IPv6Exit configured)";
4191  return 1;
4192  }
4193  return 0;
4194 }
4195 
4196 /** Return true iff the consensus allows network reentry. The default value is
4197  * false if the parameter is not found. */
4198 static bool
4200 {
4201  /* Default is false, re-entry is not allowed. */
4202  return !!networkstatus_get_param(NULL, "allow-network-reentry", 0, 0, 1);
4203 }
4204 
4205 /** Connect to conn's specified addr and port. If it worked, conn
4206  * has now been added to the connection_array.
4207  *
4208  * Send back a connected cell. Include the resolved IP of the destination
4209  * address, but <em>only</em> if it's a general exit stream. (Rendezvous
4210  * streams must not reveal what IP they connected to.)
4211  */
4212 void
4214 {
4215  const tor_addr_t *addr;
4216  uint16_t port;
4217  connection_t *conn = TO_CONN(edge_conn);
4218  int socket_error = 0, result;
4219  const char *why_failed_exit_policy = NULL;
4220 
4221  /* Apply exit policy to non-rendezvous connections. */
4222  if (! connection_edge_is_rendezvous_stream(edge_conn) &&
4223  my_exit_policy_rejects(&edge_conn->base_.addr,
4224  edge_conn->base_.port,
4225  &why_failed_exit_policy)) {
4226  if (BUG(!why_failed_exit_policy))
4227  why_failed_exit_policy = "";
4228  log_info(LD_EXIT,"%s failed exit policy%s. Closing.",
4229  connection_describe(conn),
4230  why_failed_exit_policy);
4231  connection_edge_end(edge_conn, END_STREAM_REASON_EXITPOLICY);
4232  circuit_detach_stream(circuit_get_by_edge_conn(edge_conn), edge_conn);
4233  connection_free(conn);
4234  return;
4235  }
4236 
4237  /* Next, check for attempts to connect back into the Tor network. We don't
4238  * want to allow these for the same reason we don't want to allow
4239  * infinite-length circuits (see "A Practical Congestion Attack on Tor Using
4240  * Long Paths", Usenix Security 2009). See also ticket 2667.
4241  *
4242  * Skip this if the network reentry is allowed (known from the consensus).
4243  *
4244  * The TORPROTOCOL reason is used instead of EXITPOLICY so client do NOT
4245  * attempt to retry connecting onto another circuit that will also fail
4246  * bringing considerable more load on the network if so.
4247  *
4248  * Since the address+port set here is a bloomfilter, in very rare cases, the
4249  * check will create a false positive meaning that the destination could
4250  * actually be legit and thus being denied exit. However, sending back a
4251  * reason that makes the client retry results in much worst consequences in
4252  * case of an attack so this is a small price to pay. */
4253  if (!connection_edge_is_rendezvous_stream(edge_conn) &&
4255  nodelist_reentry_contains(&conn->addr, conn->port)) {
4256  log_info(LD_EXIT, "%s tried to connect back to a known relay address. "
4257  "Closing.", connection_describe(conn));
4258  connection_edge_end(edge_conn, END_STREAM_REASON_CONNECTREFUSED);
4259  circuit_detach_stream(circuit_get_by_edge_conn(edge_conn), edge_conn);
4260  connection_free(conn);
4261  return;
4262  }
4263 
4264 #ifdef HAVE_SYS_UN_H
4265  if (conn->socket_family != AF_UNIX) {
4266 #else
4267  {
4268 #endif /* defined(HAVE_SYS_UN_H) */
4269  addr = &conn->addr;
4270  port = conn->port;
4271 
4272  if (tor_addr_family(addr) == AF_INET6)
4273  conn->socket_family = AF_INET6;
4274 
4275  log_debug(LD_EXIT, "about to try connecting");
4276  result = connection_connect(conn, conn->address,
4277  addr, port, &socket_error);
4278 #ifdef HAVE_SYS_UN_H
4279  } else {
4280  /*
4281  * In the AF_UNIX case, we expect to have already had conn->port = 1,
4282  * tor_addr_make_unspec(conn->addr) (cf. the way we mark in the incoming
4283  * case in connection_handle_listener_read()), and conn->address should
4284  * have the socket path to connect to.
4285  */
4286  tor_assert(conn->address && strlen(conn->address) > 0);
4287 
4288  log_debug(LD_EXIT, "about to try connecting");
4289  result = connection_connect_unix(conn, conn->address, &socket_error);
4290 #endif /* defined(HAVE_SYS_UN_H) */
4291  }
4292 
4293  switch (result) {
4294  case -1: {
4295  int reason = errno_to_stream_end_reason(socket_error);
4296  connection_edge_end(edge_conn, reason);
4297  circuit_detach_stream(circuit_get_by_edge_conn(edge_conn), edge_conn);
4298  connection_free(conn);
4299  return;
4300  }
4301  case 0:
4303 
4305  /* writable indicates finish;
4306  * readable/error indicates broken link in windows-land. */
4307  return;
4308  /* case 1: fall through */
4309  }
4310 
4311  conn->state = EXIT_CONN_STATE_OPEN;
4312  if (connection_get_outbuf_len(conn)) {
4313  /* in case there are any queued data cells, from e.g. optimistic data */
4315  } else {
4317  }
4318 
4319  /* also, deliver a 'connected' cell back through the circuit. */
4320  if (connection_edge_is_rendezvous_stream(edge_conn)) {
4321  /* don't send an address back! */
4322  connection_edge_send_command(edge_conn,
4323  RELAY_COMMAND_CONNECTED,
4324  NULL, 0);
4325  } else { /* normal stream */
4326  uint8_t connected_payload[MAX_CONNECTED_CELL_PAYLOAD_LEN];
4327  int connected_payload_len =
4328  connected_cell_format_payload(connected_payload, &conn->addr,
4329  edge_conn->address_ttl);
4330  if (connected_payload_len < 0) {
4331  connection_edge_end(edge_conn, END_STREAM_REASON_INTERNAL);
4332  circuit_detach_stream(circuit_get_by_edge_conn(edge_conn), edge_conn);
4333  connection_free(conn);
4334  return;
4335  }
4336 
4337  connection_edge_send_command(edge_conn,
4338  RELAY_COMMAND_CONNECTED,
4339  (char*)connected_payload,
4340  connected_payload_len);
4341  }
4342 }
4343 
4344 /** Given an exit conn that should attach to us as a directory server, open a
4345  * bridge connection with a linked connection pair, create a new directory
4346  * conn, and join them together. Return 0 on success (or if there was an
4347  * error we could send back an end cell for). Return -(some circuit end
4348  * reason) if the circuit needs to be torn down. Either connects
4349  * <b>exitconn</b>, frees it, or marks it, as appropriate.
4350  */
4351 static int
4353 {
4354  dir_connection_t *dirconn = NULL;
4355  or_circuit_t *circ = TO_OR_CIRCUIT(exitconn->on_circuit);
4356 
4357  log_info(LD_EXIT, "Opening local connection for anonymized directory exit");
4358 
4359  exitconn->base_.state = EXIT_CONN_STATE_OPEN;
4360 
4361  dirconn = dir_connection_new(tor_addr_family(&exitconn->base_.addr));
4362 
4363  tor_addr_copy(&dirconn->base_.addr, &exitconn->base_.addr);
4364  dirconn->base_.port = 0;
4365  dirconn->base_.address = tor_strdup(exitconn->base_.address);
4366  dirconn->base_.type = CONN_TYPE_DIR;
4367  dirconn->base_.purpose = DIR_PURPOSE_SERVER;
4368  dirconn->base_.state = DIR_CONN_STATE_SERVER_COMMAND_WAIT;
4369 
4370  /* Note that the new dir conn belongs to the same tunneled request as
4371  * the edge conn, so that we can measure download times. */
4372  dirconn->dirreq_id = exitconn->dirreq_id;
4373 
4374  connection_link_connections(TO_CONN(dirconn), TO_CONN(exitconn));
4375 
4376  if (connection_add(TO_CONN(exitconn))<0) {
4377  connection_edge_end(exitconn, END_STREAM_REASON_RESOURCELIMIT);
4378  connection_free_(TO_CONN(exitconn));
4379  connection_free_(TO_CONN(dirconn));
4380  return 0;
4381  }
4382 
4383  /* link exitconn to circ, now that we know we can use it. */
4384  exitconn->next_stream = circ->n_streams;
4385  circ->n_streams = exitconn;
4386 
4387  if (connection_add(TO_CONN(dirconn))<0) {
4388  connection_edge_end(exitconn, END_STREAM_REASON_RESOURCELIMIT);
4390  connection_mark_for_close(TO_CONN(exitconn));
4391  connection_free_(TO_CONN(dirconn));
4392  return 0;
4393  }
4394 
4396  connection_start_reading(TO_CONN(exitconn));
4397 
4398  if (connection_edge_send_command(exitconn,
4399  RELAY_COMMAND_CONNECTED, NULL, 0) < 0) {
4400  connection_mark_for_close(TO_CONN(exitconn));
4401  connection_mark_for_close(TO_CONN(dirconn));
4402  return 0;
4403  }
4404 
4405  return 0;
4406 }
4407 
4408 /** Return 1 if <b>conn</b> is a rendezvous stream, or 0 if
4409  * it is a general stream.
4410  */
4411 int
4413 {
4414  tor_assert(conn);
4415 
4416  if (conn->hs_ident) {
4417  return 1;
4418  }
4419  return 0;
4420 }
4421 
4422 /** Return 1 if router <b>exit_node</b> is likely to allow stream <b>conn</b>
4423  * to exit from it, or 0 if it probably will not allow it.
4424  * (We might be uncertain if conn's destination address has not yet been
4425  * resolved.)
4426  */
4427 int
4429  const node_t *exit_node)
4430 {
4431  const or_options_t *options = get_options();
4432 
4433  tor_assert(conn);
4434  tor_assert(conn->socks_request);
4435  tor_assert(exit_node);
4436 
4437  /* If a particular exit node has been requested for the new connection,
4438  * make sure the exit node of the existing circuit matches exactly.
4439  */
4440  if (conn->chosen_exit_name) {
4441  const node_t *chosen_exit =
4443  if (!chosen_exit || tor_memneq(chosen_exit->identity,
4444  exit_node->identity, DIGEST_LEN)) {
4445  /* doesn't match */
4446 // log_debug(LD_APP,"Requested node '%s', considering node '%s'. No.",
4447 // conn->chosen_exit_name, exit->nickname);
4448  return 0;
4449  }
4450  }
4451 
4452  if (conn->use_begindir) {
4453  /* Internal directory fetches do not count as exiting. */
4454  return 1;
4455  }
4456 
4458  tor_addr_t addr, *addrp = NULL;
4460  if (0 == tor_addr_parse(&addr, conn->socks_request->address)) {
4461  addrp = &addr;
4462  } else if (!conn->entry_cfg.ipv4_traffic && conn->entry_cfg.ipv6_traffic) {
4463  tor_addr_make_null(&addr, AF_INET6);
4464  addrp = &addr;
4465  } else if (conn->entry_cfg.ipv4_traffic && !conn->entry_cfg.ipv6_traffic) {
4466  tor_addr_make_null(&addr, AF_INET);
4467  addrp = &addr;
4468  }
4470  exit_node);
4471  if (r == ADDR_POLICY_REJECTED)
4472  return 0; /* We know the address, and the exit policy rejects it. */
4474  return 0; /* We don't know the addr, but the exit policy rejects most
4475  * addresses with this port. Since the user didn't ask for
4476  * this node, err on the side of caution. */
4477  } else if (SOCKS_COMMAND_IS_RESOLVE(conn->socks_request->command)) {
4478  /* Don't send DNS requests to non-exit servers by default. */
4479  if (!conn->chosen_exit_name && node_exit_policy_rejects_all(exit_node))
4480  return 0;
4481  }
4482  if (routerset_contains_node(options->ExcludeExitNodesUnion_, exit_node)) {
4483  /* Not a suitable exit. Refuse it. */
4484  return 0;
4485  }
4486 
4487  return 1;
4488 }
4489 
4490 /** Return true iff the (possibly NULL) <b>alen</b>-byte chunk of memory at
4491  * <b>a</b> is equal to the (possibly NULL) <b>blen</b>-byte chunk of memory
4492  * at <b>b</b>. */
4493 static int
4494 memeq_opt(const char *a, size_t alen, const char *b, size_t blen)
4495 {
4496  if (a == NULL) {
4497  return (b == NULL);
4498  } else if (b == NULL) {
4499  return 0;
4500  } else if (alen != blen) {
4501  return 0;
4502  } else {
4503  return tor_memeq(a, b, alen);
4504  }
4505 }
4506 
4507 /**
4508  * Return true iff none of the isolation flags and fields in <b>conn</b>
4509  * should prevent it from being attached to <b>circ</b>.
4510  */
4511 int
4513  const origin_circuit_t *circ)
4514 {
4515  const uint8_t iso = conn->entry_cfg.isolation_flags;
4516  const socks_request_t *sr = conn->socks_request;
4517 
4518  /* If circ has never been used for an isolated connection, we can
4519  * totally use it for this one. */
4520  if (!circ->isolation_values_set)
4521  return 1;
4522 
4523  /* If circ has been used for connections having more than one value
4524  * for some field f, it will have the corresponding bit set in
4525  * isolation_flags_mixed. If isolation_flags_mixed has any bits
4526  * in common with iso, then conn must be isolated from at least
4527  * one stream that has been attached to circ. */
4528  if ((iso & circ->isolation_flags_mixed) != 0) {
4529  /* For at least one field where conn is isolated, the circuit
4530  * already has mixed streams. */
4531  return 0;
4532  }
4533 
4534  if (! conn->original_dest_address) {
4535  log_warn(LD_BUG, "Reached connection_edge_compatible_with_circuit without "
4536  "having set conn->original_dest_address");
4537  ((entry_connection_t*)conn)->original_dest_address =
4538  tor_strdup(conn->socks_request->address);
4539  }
4540 
4541  if ((iso & ISO_STREAM) &&
4543  ENTRY_TO_CONN(conn)->global_identifier))
4544  return 0;
4545 
4546  if ((iso & ISO_DESTPORT) && conn->socks_request->port != circ->dest_port)
4547  return 0;
4548  if ((iso & ISO_DESTADDR) &&
4549  strcasecmp(conn->original_dest_address, circ->dest_address))
4550  return 0;
4551  if ((iso & ISO_SOCKSAUTH) &&
4552  (! memeq_opt(sr->username, sr->usernamelen,
4553  circ->socks_username, circ->socks_username_len) ||
4554  ! memeq_opt(sr->password, sr->passwordlen,
4555  circ->socks_password, circ->socks_password_len)))
4556  return 0;
4557  if ((iso & ISO_CLIENTPROTO) &&
4558  (conn->socks_request->listener_type != circ->client_proto_type ||
4559  conn->socks_request->socks_version != circ->client_proto_socksver))
4560  return 0;
4561  if ((iso & ISO_CLIENTADDR) &&
4562  !tor_addr_eq(&ENTRY_TO_CONN(conn)->addr, &circ->client_addr))
4563  return 0;
4564  if ((iso & ISO_SESSIONGRP) &&
4565  conn->entry_cfg.session_group != circ->session_group)
4566  return 0;
4567  if ((iso & ISO_NYM_EPOCH) && conn->nym_epoch != circ->nym_epoch)
4568  return 0;
4569 
4570  return 1;
4571 }
4572 
4573 /**
4574  * If <b>dry_run</b> is false, update <b>circ</b>'s isolation flags and fields
4575  * to reflect having had <b>conn</b> attached to it, and return 0. Otherwise,
4576  * if <b>dry_run</b> is true, then make no changes to <b>circ</b>, and return
4577  * a bitfield of isolation flags that we would have to set in
4578  * isolation_flags_mixed to add <b>conn</b> to <b>circ</b>, or -1 if
4579  * <b>circ</b> has had no streams attached to it.
4580  */
4581 int
4583  origin_circuit_t *circ,
4584  int dry_run)
4585 {
4586  const socks_request_t *sr = conn->socks_request;
4587  if (! conn->original_dest_address) {
4588  log_warn(LD_BUG, "Reached connection_update_circuit_isolation without "
4589  "having set conn->original_dest_address");
4590  ((entry_connection_t*)conn)->original_dest_address =
4591  tor_strdup(conn->socks_request->address);
4592  }
4593 
4594  if (!circ->isolation_values_set) {
4595  if (dry_run)
4596  return -1;
4598  ENTRY_TO_CONN(conn)->global_identifier;
4599  circ->dest_port = conn->socks_request->port;
4600  circ->dest_address = tor_strdup(conn->original_dest_address);
4601  circ->client_proto_type = conn->socks_request->listener_type;
4602  circ->client_proto_socksver = conn->socks_request->socks_version;
4603  tor_addr_copy(&circ->client_addr, &ENTRY_TO_CONN(conn)->addr);
4604  circ->session_group = conn->entry_cfg.session_group;
4605  circ->nym_epoch = conn->nym_epoch;
4606  circ->socks_username = sr->username ?
4607  tor_memdup(sr->username, sr->usernamelen) : NULL;
4608  circ->socks_password = sr->password ?
4609  tor_memdup(sr->password, sr->passwordlen) : NULL;
4610  circ->socks_username_len = sr->usernamelen;
4611  circ->socks_password_len = sr->passwordlen;
4612 
4613  circ->isolation_values_set = 1;
4614  return 0;
4615  } else {
4616  uint8_t mixed = 0;
4617  if (conn->socks_request->port != circ->dest_port)
4618  mixed |= ISO_DESTPORT;
4619  if (strcasecmp(conn->original_dest_address, circ->dest_address))
4620  mixed |= ISO_DESTADDR;
4621  if (!memeq_opt(sr->username, sr->usernamelen,
4622  circ->socks_username, circ->socks_username_len) ||
4623  !memeq_opt(sr->password, sr->passwordlen,
4624  circ->socks_password, circ->socks_password_len))
4625  mixed |= ISO_SOCKSAUTH;
4626  if ((conn->socks_request->listener_type != circ->client_proto_type ||
4627  conn->socks_request->socks_version != circ->client_proto_socksver))
4628  mixed |= ISO_CLIENTPROTO;
4629  if (!tor_addr_eq(&ENTRY_TO_CONN(conn)->addr, &circ->client_addr))
4630  mixed |= ISO_CLIENTADDR;
4631  if (conn->entry_cfg.session_group != circ->session_group)
4632  mixed |= ISO_SESSIONGRP;
4633  if (conn->nym_epoch != circ->nym_epoch)
4634  mixed |= ISO_NYM_EPOCH;
4635 
4636  if (dry_run)
4637  return mixed;
4638 
4639  if ((mixed & conn->entry_cfg.isolation_flags) != 0) {
4640  log_warn(LD_BUG, "Updating a circuit with seemingly incompatible "
4641  "isolation flags.");
4642  }
4643  circ->isolation_flags_mixed |= mixed;
4644  return 0;
4645  }
4646 }
4647 
4648 /**
4649  * Clear the isolation settings on <b>circ</b>.
4650  *
4651  * This only works on an open circuit that has never had a stream attached to
4652  * it, and whose isolation settings are hypothetical. (We set hypothetical
4653  * isolation settings on circuits as we're launching them, so that we
4654  * know whether they can handle more streams or whether we need to launch
4655  * even more circuits. Once the circuit is open, if it turns out that
4656  * we no longer have any streams to attach to it, we clear the isolation flags
4657  * and data so that other streams can have a chance.)
4658  */
4659 void
4661 {
4662  if (circ->isolation_any_streams_attached) {
4663  log_warn(LD_BUG, "Tried to clear the isolation status of a dirty circuit");
4664  return;
4665  }
4666  if (TO_CIRCUIT(circ)->state != CIRCUIT_STATE_OPEN) {
4667  log_warn(LD_BUG, "Tried to clear the isolation status of a non-open "
4668  "circuit");
4669  return;
4670  }
4671 
4672  circ->isolation_values_set = 0;
4673  circ->isolation_flags_mixed = 0;
4675  circ->client_proto_type = 0;
4676  circ->client_proto_socksver = 0;
4677  circ->dest_port = 0;
4678  tor_addr_make_unspec(&circ->client_addr);
4679  tor_free(circ->dest_address);
4680  circ->session_group = -1;
4681  circ->nym_epoch = 0;
4682  if (circ->socks_username) {
4683  memwipe(circ->socks_username, 0x11, circ->socks_username_len);
4684  tor_free(circ->socks_username);
4685  }
4686  if (circ->socks_password) {
4687  memwipe(circ->socks_password, 0x05, circ->socks_password_len);
4688  tor_free(circ->socks_password);
4689  }
4690  circ->socks_username_len = circ->socks_password_len = 0;
4691 }
4692 
4693 /** Send an END and mark for close the given edge connection conn using the
4694  * given reason that has to be a stream reason.
4695  *
4696  * Note: We don't unattached the AP connection (if applicable) because we
4697  * don't want to flush the remaining data. This function aims at ending
4698  * everything quickly regardless of the connection state.
4699  *
4700  * This function can't fail and does nothing if conn is NULL. */
4701 void
4703 {
4704  if (!conn) {
4705  return;
4706  }
4707 
4708  connection_edge_end(conn, reason);
4709  connection_mark_for_close(TO_CONN(conn));
4710 }
4711 
4712 /** Free all storage held in module-scoped variables for connection_edge.c */
4713 void
4715 {
4716  untried_pending_connections = 0;
4717  smartlist_free(pending_entry_connections);
4719  mainloop_event_free(attach_pending_entry_connections_ev);
4720 }
void tor_addr_copy(tor_addr_t *dest, const tor_addr_t *src)
Definition: address.c:933
void tor_addr_from_ipv4n(tor_addr_t *dest, uint32_t v4addr)
Definition: address.c:889
void tor_addr_make_unspec(tor_addr_t *a)
Definition: address.c:225
const char * tor_addr_to_str(char *dest, const tor_addr_t *addr, size_t len, int decorate)
Definition: address.c:328
int tor_addr_hostname_is_local(const char *name)
Definition: address.c:2090
int tor_addr_parse(tor_addr_t *addr, const char *src)
Definition: address.c:1349
void tor_addr_make_null(tor_addr_t *a, sa_family_t family)
Definition: address.c:235
char * tor_addr_to_str_dup(const tor_addr_t *addr)
Definition: address.c:1164
int tor_addr_port_split(int severity, const char *addrport, char **address_out, uint16_t *port_out)
Definition: address.c:1916
int tor_addr_is_null(const tor_addr_t *addr)
Definition: address.c:780
int tor_addr_parse_PTR_name(tor_addr_t *result, const char *address, int family, int accept_regular)
Definition: address.c:380
char * tor_dup_ip(uint32_t addr)
Definition: address.c:2047
void tor_addr_from_in6(tor_addr_t *dest, const struct in6_addr *in6)
Definition: address.c:911
int tor_addr_from_sockaddr(tor_addr_t *a, const struct sockaddr *sa, uint16_t *port_out)
Definition: address.c:165
void tor_addr_from_ipv6_bytes(tor_addr_t *dest, const uint8_t *ipv6_bytes)
Definition: address.c:900
int tor_addr_to_PTR_name(char *out, size_t outlen, const tor_addr_t *addr)
Definition: address.c:470
static uint32_t tor_addr_to_ipv4n(const tor_addr_t *a)
Definition: address.h:152
#define REVERSE_LOOKUP_NAME_BUF_LEN
Definition: address.h:296
static sa_family_t tor_addr_family(const tor_addr_t *a)
Definition: address.h:187
static const struct in6_addr * tor_addr_to_in6(const tor_addr_t *a)
Definition: address.h:117
#define tor_addr_to_in6_addr8(x)
Definition: address.h:135
#define tor_addr_eq(a, b)
Definition: address.h:280
void client_dns_set_reverse_addressmap(entry_connection_t *for_conn, const char *address, const char *v, const char *exitname, int ttl)
Definition: addressmap.c:767
void clear_trackexithost_mappings(const char *exitname)
Definition: addressmap.c:174
int address_is_in_virtual_range(const char *address)
Definition: addressmap.c:860
void client_dns_set_addressmap(entry_connection_t *for_conn, const char *address, const tor_addr_t *val, const char *exitname, int ttl)
Definition: addressmap.c:728
int addressmap_rewrite(char *address, size_t maxlen, unsigned flags, time_t *expires_out, addressmap_entry_source_t *exit_source_out)
Definition: addressmap.c:383
int addressmap_address_should_automap(const char *address, const or_options_t *options)
Definition: addressmap.c:249
const char * addressmap_register_virtual_address(int type, char *new_address)
Definition: addressmap.c:1000
int addressmap_rewrite_reverse(char *address, size_t maxlen, unsigned flags, time_t *expires_out)
Definition: addressmap.c:503
Header for addressmap.c.
time_t approx_time(void)
Definition: approx_time.c:32
Header for backtrace.c.
const char * hex_str(const char *from, size_t fromlen)
Definition: binascii.c:34
void base16_encode(char *dest, size_t destlen, const char *src, size_t srclen)
Definition: binascii.c:478
#define BASE32_CHARS
Definition: binascii.h:53
size_t buf_datalen(const buf_t *buf)
Definition: buffers.c:394
int buf_set_to_copy(buf_t **output, const buf_t *input)
Definition: buffers.c:898
Header file for buffers.c.
static void set_uint16(void *cp, uint16_t v)
Definition: bytes.h:78
static void set_uint32(void *cp, uint32_t v)
Definition: bytes.h:87
static void set_uint8(void *cp, uint8_t v)
Definition: bytes.h:31
static uint32_t get_uint32(const void *cp)
Definition: bytes.h:54
Fixed-size cell structure.
int channel_is_client(const channel_t *chan)
Definition: channel.c:2893
int channel_get_addr_if_possible(const channel_t *chan, tor_addr_t *addr_out)
Definition: channel.c:2835
const char * channel_describe_peer(channel_t *chan)
Definition: channel.c:2815
Header file for channel.c.
void pathbias_mark_use_rollback(origin_circuit_t *circ)
Definition: circpathbias.c:700
void pathbias_mark_use_success(origin_circuit_t *circ)
Definition: circpathbias.c:661
const char * pathbias_state_to_string(path_state_t state)
Definition: circpathbias.c:265
Header file for circuitbuild.c.
circuit_t * circuit_get_by_edge_conn(edge_connection_t *conn)
Definition: circuitlist.c:1571
const char * circuit_purpose_to_string(uint8_t purpose)
Definition: circuitlist.c:903
void assert_circuit_ok(const circuit_t *c)
Definition: circuitlist.c:2716
origin_circuit_t * TO_ORIGIN_CIRCUIT(circuit_t *x)
Definition: circuitlist.c:166
or_circuit_t * TO_OR_CIRCUIT(circuit_t *x)
Definition: circuitlist.c:154
const char * circuit_state_to_string(int state)
Definition: circuitlist.c:762
Header file for circuitlist.c.
#define CIRCUIT_PURPOSE_IS_CLIENT(p)
Definition: circuitlist.h:143
#define CIRCUIT_PURPOSE_C_MEASURE_TIMEOUT
Definition: circuitlist.h:93
#define CIRCUIT_PURPOSE_PATH_BIAS_TESTING
Definition: circuitlist.h:123
#define CIRCUIT_STATE_OPEN
Definition: circuitlist.h:32
#define CIRCUIT_PURPOSE_C_REND_JOINED
Definition: circuitlist.h:88
#define CIRCUIT_PURPOSE_CONTROLLER
Definition: circuitlist.h:121
#define CIRCUIT_IS_ORIGIN(c)
Definition: circuitlist.h:147
#define CIRCUIT_PURPOSE_OR
Definition: circuitlist.h:39
#define CIRCUIT_PURPOSE_S_REND_JOINED
Definition: circuitlist.h:110
#define CIRCUIT_PURPOSE_S_HSDIR_POST
Definition: circuitlist.h:112
#define CIRCUIT_PURPOSE_C_HSDIR_GET
Definition: circuitlist.h:90
#define CIRCUIT_PURPOSE_C_GENERAL
Definition: circuitlist.h:70
void circpad_machine_event_circ_has_streams(origin_circuit_t *circ)
Header file for circuitpadding.c.
void circuit_detach_stream(circuit_t *circ, edge_connection_t *conn)
Definition: circuituse.c:1379
void circuit_read_valid_data(origin_circuit_t *circ, uint16_t relay_body_len)
Definition: circuituse.c:3165
int connection_ap_handshake_attach_circuit(entry_connection_t *conn)
Definition: circuituse.c:2826
int connection_ap_handshake_attach_chosen_circuit(entry_connection_t *conn, origin_circuit_t *circ, crypt_path_t *cpath)
Definition: circuituse.c:2744
void mark_circuit_unusable_for_new_conns(origin_circuit_t *circ)
Definition: circuituse.c:3120
Header file for circuituse.c.
#define SUBTYPE_P(p, subtype, basemember)
mainloop_event_t * mainloop_event_postloop_new(void(*cb)(mainloop_event_t *, void *), void *userdata)
void mainloop_event_activate(mainloop_event_t *event)
Header for compat_libevent.c.
const or_options_t * get_options(void)
Definition: config.c:919
const char * escaped_safe_str_client(const char *address)
Definition: config.c:1110
tor_cmdline_mode_t command
Definition: config.c:2440
const char * escaped_safe_str(const char *address)
Definition: config.c:1122
Header file for config.c.
const char * conn_state_to_string(int type, int state)
Definition: connection.c:302
void connection_link_connections(connection_t *conn_a, connection_t *conn_b)
Definition: connection.c:745
dir_connection_t * dir_connection_new(int socket_family)
Definition: connection.c:561
int connection_buf_get_line(connection_t *conn, char *data, size_t *data_len)
Definition: connection.c:4239
void connection_mark_for_close_(connection_t *conn, int line, const char *file)
Definition: connection.c:1076
edge_connection_t * edge_connection_new(int type, int socket_family)
Definition: connection.c:621
void connection_close_immediate(connection_t *conn)
Definition: connection.c:1043
const char * connection_describe(const connection_t *conn)
Definition: connection.c:543
int connection_state_is_open(connection_t *conn)
Definition: connection.c:4956
const char * connection_describe_peer(const connection_t *conn)
Definition: connection.c:528
entry_connection_t * entry_connection_new(int type, int socket_family)
Definition: connection.c:602
void connection_free_(connection_t *conn)
Definition: connection.c:960
int connection_connect(connection_t *conn, const char *address, const tor_addr_t *addr, uint16_t port, int *socket_error)
Definition: connection.c:2396
Header file for connection.c.
#define CONN_TYPE_AP_HTTP_CONNECT_LISTENER
Definition: connection.h:75
#define CONN_TYPE_DIR_LISTENER
Definition: connection.h:53
#define CONN_TYPE_AP
Definition: connection.h:51
#define connection_mark_and_flush_(c, line, file)
Definition: connection.h:179
#define CONN_TYPE_DIR
Definition: connection.h:55
#define CONN_TYPE_EXIT
Definition: connection.h:46
int connection_edge_compatible_with_circuit(const entry_connection_t *conn, const origin_circuit_t *circ)
int connection_ap_handshake_rewrite_and_attach(entry_connection_t *conn, origin_circuit_t *circ, crypt_path_t *cpath)
int connection_half_edge_is_valid_data(const smartlist_t *half_conns, streamid_t stream_id)
void connection_ap_mark_as_waiting_for_renddesc(entry_connection_t *entry_conn)
void connection_mark_unattached_ap_(entry_connection_t *conn, int endreason, int line, const char *file)
static uint32_t connection_ap_get_begincell_flags(entry_connection_t *ap_conn)
void connection_edge_free_all(void)
void connection_ap_mark_as_non_pending_circuit(entry_connection_t *entry_conn)
static int connection_half_edge_compare_bsearch(const void *key, const void **member)
static size_t n_half_conns_allocated
int connection_ap_rewrite_and_attach_if_allowed(entry_connection_t *conn, origin_circuit_t *circ, crypt_path_t *cpath)
static int connection_ap_supports_optimistic_data(const entry_connection_t *)
STATIC int connection_ap_process_http_connect(entry_connection_t *conn)
entry_connection_t * connection_ap_make_link(connection_t *partner, char *address, uint16_t port, const char *digest, int session_group, int isolation_flags, int use_begindir, int want_onehop)
#define MAX_CONNECTED_CELL_PAYLOAD_LEN
void connection_ap_expire_beginning(void)
void connection_ap_fail_onehop(const char *failed_digest, cpath_build_state_t *build_state)
static void connection_edge_about_to_close(edge_connection_t *edge_conn)
int connection_ap_detach_retriable(entry_connection_t *conn, origin_circuit_t *circ, int reason)
STATIC int connected_cell_format_payload(uint8_t *payload_out, const tor_addr_t *addr, uint32_t ttl)
void connection_ap_rescan_and_attach_pending(void)
int connection_ap_handshake_send_begin(entry_connection_t *ap_conn)
static int connection_ap_process_natd(entry_connection_t *conn)
const entry_connection_t * CONST_TO_ENTRY_CONN(const connection_t *c)
static int consider_plaintext_ports(entry_connection_t *conn, uint16_t port)
void connection_ap_handshake_socks_reply(entry_connection_t *conn, char *reply, size_t replylen, int endreason)
static smartlist_t * pending_entry_connections
int connection_half_edge_is_valid_end(smartlist_t *half_conns, streamid_t stream_id)
void connection_exit_connect(edge_connection_t *edge_conn)
uint32_t clip_dns_ttl(uint32_t ttl)
static bool network_reentry_is_allowed(void)
int connection_ap_process_transparent(entry_connection_t *conn)
static int rend_valid_v2_service_id(const char *query)
void connection_ap_mark_as_pending_circuit_(entry_connection_t *entry_conn, const char *fname, int lineno)
#define TRACKHOSTEXITS_RETRIES
static mainloop_event_t * attach_pending_entry_connections_ev
void connection_edge_end_close(edge_connection_t *conn, uint8_t reason)
int connection_edge_finished_connecting(edge_connection_t *edge_conn)
int connection_edge_destroy(circid_t circ_id, edge_connection_t *conn)
static int connection_exit_connect_dir(edge_connection_t *exitconn)
int connection_edge_finished_flushing(edge_connection_t *conn)
static int my_exit_policy_rejects(const tor_addr_t *addr, uint16_t port, const char **why_rejected)
void circuit_clear_isolation(origin_circuit_t *circ)
int connection_exit_begin_resolve(cell_t *cell, or_circuit_t *circ)
void connection_exit_about_to_close(edge_connection_t *edge_conn)
static int connection_ap_get_original_destination(entry_connection_t *conn, socks_request_t *req)
STATIC bool parse_extended_hostname(char *address, hostname_type_t *type_out)
int connection_half_edge_is_valid_connected(const smartlist_t *half_conns, streamid_t stream_id)
entry_connection_t * EDGE_TO_ENTRY_CONN(edge_connection_t *c)
int connection_edge_flushed_some(edge_connection_t *conn)
int connection_ap_handshake_send_resolve(entry_connection_t *ap_conn)
void connection_ap_handshake_socks_resolved_addr(entry_connection_t *conn, const tor_addr_t *answer, int ttl, time_t expires)
int connection_edge_update_circuit_isolation(const entry_connection_t *conn, origin_circuit_t *circ, int dry_run)
int connection_edge_reached_eof(edge_connection_t *conn)
static void tell_controller_about_resolved_result(entry_connection_t *conn, int answer_type, size_t answer_len, const char *answer, int ttl, time_t expires)
int connection_ap_can_use_exit(const entry_connection_t *conn, const node_t *exit_node)
int connection_half_edge_is_valid_resolved(smartlist_t *half_conns, streamid_t stream_id)
int connection_edge_end_errno(edge_connection_t *conn)
int connection_edge_end(edge_connection_t *conn, uint8_t reason)
void connection_ap_attach_pending(int retry)
size_t half_streams_get_total_allocation(void)
int connection_half_edge_is_valid_sendme(const smartlist_t *half_conns, streamid_t stream_id)
int connection_edge_is_rendezvous_stream(const edge_connection_t *conn)
static int connection_ap_handle_onion(entry_connection_t *conn, socks_request_t *socks, origin_circuit_t *circ)
STATIC int begin_cell_parse(const cell_t *cell, begin_cell_t *bcell, uint8_t *end_reason_out)
void connection_ap_about_to_close(entry_connection_t *entry_conn)
static int relay_send_end_cell_from_edge(streamid_t stream_id, circuit_t *circ, uint8_t reason, crypt_path_t *cpath_layer)
const entry_connection_t * CONST_EDGE_TO_ENTRY_CONN(const edge_connection_t *c)
STATIC void connection_half_edge_add(const edge_connection_t *conn, origin_circuit_t *circ)
static int handle_hs_exit_conn(circuit_t *circ, edge_connection_t *conn)
edge_connection_t * TO_EDGE_CONN(connection_t *c)
const edge_connection_t * CONST_TO_EDGE_CONN(const connection_t *c)
void connection_ap_handshake_socks_resolved(entry_connection_t *conn, int answer_type, size_t answer_len, const uint8_t *answer, int ttl, time_t expires)
entry_connection_t * TO_ENTRY_CONN(connection_t *c)
STATIC half_edge_t * connection_half_edge_find_stream_id(const smartlist_t *half_conns, streamid_t stream_id)
static int memeq_opt(const char *a, size_t alen, const char *b, size_t blen)
int connection_exit_begin_conn(cell_t *cell, circuit_t *circ)
void connection_entry_set_controller_wait(entry_connection_t *conn)
streamid_t get_unique_stream_id_by_circ(origin_circuit_t *circ)
void half_edge_free_(half_edge_t *he)
void circuit_discard_optional_exit_enclaves(extend_info_t *info)
static int connection_ap_handshake_process_socks(entry_connection_t *conn)
int connection_edge_process_inbuf(edge_connection_t *conn, int package_partial)
static int compute_retry_timeout(entry_connection_t *conn)
Header file for connection_edge.c.
#define AP_CONN_STATE_HTTP_CONNECT_WAIT
#define EXIT_CONN_STATE_CONNECTING
#define AP_CONN_STATE_CONTROLLER_WAIT
#define EXIT_CONN_STATE_OPEN
#define AP_CONN_STATE_SOCKS_WAIT
int address_is_invalid_destination(const char *address, int client)
Definition: addressmap.c:1082
#define BEGIN_FLAG_IPV6_PREFERRED
#define EXIT_CONN_STATE_RESOLVEFAILED
#define AP_CONN_STATE_IS_UNATTACHED(s)
#define AP_CONN_STATE_CONNECT_WAIT
hostname_type_t
#define AP_CONN_STATE_OPEN
#define EXIT_PURPOSE_CONNECT
#define AP_CONN_STATE_RESOLVE_WAIT
#define BEGIN_FLAG_IPV4_NOT_OK
#define AP_CONN_STATE_CIRCUIT_WAIT
#define EXIT_CONN_STATE_RESOLVING
#define MIN_DNS_TTL
#define AP_CONN_STATE_NATD_WAIT
#define AP_CONN_STATE_RENDDESC_WAIT
#define BEGIN_FLAG_IPV6_OK
#define EXIT_PURPOSE_RESOLVE
#define MAX_DNS_TTL
int connection_or_digest_is_known_relay(const char *id_digest)
Header file for connection_or.c.
int control_event_stream_bandwidth(edge_connection_t *edge_conn)
int control_event_client_status(int severity, const char *format,...)
int control_event_stream_status(entry_connection_t *conn, stream_status_event_t tp, int reason_code)
int control_event_address_mapped(const char *from, const char *to, time_t expires, const char *error, const int cached, uint64_t stream_id)
Header file for control_events.c.
#define REMAP_STREAM_SOURCE_CACHE
Circuit-build-stse structure.
#define HEX_DIGEST_LEN
Definition: crypto_digest.h:35
void memwipe(void *mem, uint8_t byte, size_t sz)
Definition: crypto_util.c:55
Common functions for cryptographic routines.
const char * extend_info_describe(const extend_info_t *ei)
Definition: describe.c:224
const char * node_describe(const node_t *node)
Definition: describe.c:160
Header file for describe.c.
int tor_memeq(const void *a, const void *b, size_t sz)
Definition: di_ops.c:107
#define tor_memneq(a, b, sz)
Definition: di_ops.h:21
#define DIGEST_LEN
Definition: digest_sizes.h:20
Client/server directory connection structure.
int purpose_needs_anonymity(uint8_t dir_purpose, uint8_t router_purpose, const char *resource)
Definition: directory.c:113
dir_connection_t * TO_DIR_CONN(connection_t *c)
Definition: directory.c:88
char * http_get_header(const char *headers, const char *which)
Definition: directory.c:325
int parse_http_command(const char *headers, char **command_out, char **url_out)
Definition: directory.c:271
Header file for directory.c.
#define DIR_CONN_STATE_SERVER_COMMAND_WAIT
Definition: directory.h:28
#define DIR_PURPOSE_SERVER
Definition: directory.h:60
int directory_permits_begindir_requests(const or_options_t *options)
Definition: dirserv.c:110
Header file for dirserv.c.
void connection_dns_remove(edge_connection_t *conn)
Definition: dns.c:969
int dns_resolve(edge_connection_t *exitconn)
Definition: dns.c:610
Header file for dns.c.
void dnsserv_reject_request(entry_connection_t *conn)
Definition: dnsserv.c:289
void dnsserv_resolved(entry_connection_t *conn, int answer_type, size_t answer_len, const char *answer, int ttl)
Definition: dnsserv.c:339
Header file for dnsserv.c.
Entry connection structure.
#define ENTRY_TO_EDGE_CONN(c)
const char * escaped(const char *s)
Definition: escape.c:126
Extend-info structure.
bool extend_info_has_orport(const extend_info_t *ei, const tor_addr_t *addr, uint16_t port)
Definition: extendinfo.c:243
Header for core/or/extendinfo.c.
int tor_open_cloexec(const char *path, int flags, unsigned mode)
Definition: files.c:54
Half-open connection structure.
int we_are_hibernating(void)
Definition: hibernate.c:937
Header file for hibernate.c.
const hs_descriptor_t * hs_cache_lookup_as_client(const ed25519_public_key_t *key)
Definition: hs_cache.c:843
Header file for hs_cache.c.
Header file containing circuit data for the whole HS subsystem.
int hs_client_any_intro_points_usable(const ed25519_public_key_t *service_pk, const hs_descriptor_t *desc)
Definition: hs_client.c:2014
int hs_client_refetch_hsdesc(const ed25519_public_key_t *identity_pk)
Definition: hs_client.c:2037
Header file containing client data for the HS subsystem.
@ HS_CLIENT_FETCH_PENDING
Definition: hs_client.h:33
@ HS_CLIENT_FETCH_MISSING_INFO
Definition: hs_client.h:31
@ HS_CLIENT_FETCH_NO_HSDIRS
Definition: hs_client.h:27
@ HS_CLIENT_FETCH_HAVE_DESC
Definition: hs_client.h:25
@ HS_CLIENT_FETCH_NOT_ALLOWED
Definition: hs_client.h:29
@ HS_CLIENT_FETCH_ERROR
Definition: hs_client.h:21
@ HS_CLIENT_FETCH_LAUNCHED
Definition: hs_client.h:23
int hs_parse_address(const char *address, ed25519_public_key_t *key_out, uint8_t *checksum_out, uint8_t *version_out)
Definition: hs_common.c:840
int hs_address_is_valid(const char *address)
Definition: hs_common.c:856
void hs_inc_rdv_stream_counter(origin_circuit_t *circ)
Definition: hs_common.c:1737
Header file containing common data for the whole HS subsystem.
#define HS_SERVICE_ADDR_LEN_BASE32
Definition: hs_common.h:80
hs_ident_edge_conn_t * hs_ident_edge_conn_new(const ed25519_public_key_t *identity_pk)
Definition: hs_ident.c:84
hs_circuit_id_protocol_t hs_service_exports_circuit_id(const ed25519_public_key_t *pk)
Definition: hs_service.c:4014
int hs_service_set_conn_addr_port(const origin_circuit_t *circ, edge_connection_t *conn)
Definition: hs_service.c:3934
hs_circuit_id_protocol_t
Definition: hs_service.h:194
@ HS_CIRCUIT_ID_PROTOCOL_HAPROXY
Definition: hs_service.h:199
uint16_t sa_family_t
Definition: inaddr_st.h:77
#define log_fn(severity, domain, args,...)
Definition: log.h:283
#define LD_REND
Definition: log.h:84
#define log_fn_ratelim(ratelim, severity, domain, args,...)
Definition: log.h:288
#define LD_EDGE
Definition: log.h:94
#define LD_APP
Definition: log.h:78
#define LD_PROTOCOL
Definition: log.h:72
#define LD_BUG
Definition: log.h:86
#define LD_NET
Definition: log.h:66
#define LD_GENERAL
Definition: log.h:62
#define LOG_NOTICE
Definition: log.h:50
#define LD_CONTROL
Definition: log.h:80
#define LOG_WARN
Definition: log.h:53
#define LOG_INFO
Definition: log.h:45
void connection_watch_events(connection_t *conn, watchable_events_t events)
Definition: mainloop.c:493
void connection_start_reading(connection_t *conn)
Definition: mainloop.c:631
void connection_start_writing(connection_t *conn)
Definition: mainloop.c:687
smartlist_t * get_connection_array(void)
Definition: mainloop.c:451
Header file for mainloop.c.
@ WRITE_EVENT
Definition: mainloop.h:38
@ READ_EVENT
Definition: mainloop.h:37
#define tor_free(p)
Definition: malloc.h:52
void note_user_activity(time_t now)
Definition: netstatus.c:63
Header for netstatus.c.
int32_t networkstatus_get_param(const networkstatus_t *ns, const char *param_name, int32_t default_val, int32_t min_val, int32_t max_val)
Header file for networkstatus.c.
Node information structure.
void node_get_address_string(const node_t *node, char *buf, size_t len)
Definition: nodelist.c:1698
const node_t * node_get_by_nickname(const char *nickname, unsigned flags)
Definition: nodelist.c:1085
const node_t * router_find_exact_exit_enclave(const char *address, uint16_t port)
Definition: nodelist.c:2307
bool nodelist_reentry_contains(const tor_addr_t *addr, uint16_t port)
Definition: nodelist.c:562
const node_t * node_get_by_id(const char *identity_digest)
Definition: nodelist.c:226
int node_exit_policy_rejects_all(const node_t *node)
Definition: nodelist.c:1579
Header file for nodelist.c.
Master header file for Tor-specific functionality.
#define CELL_PAYLOAD_SIZE
Definition: or.h:457
addressmap_entry_source_t
Definition: or.h:915
@ ADDRMAPSRC_TRACKEXIT
Definition: or.h:926
@ ADDRMAPSRC_AUTOMAP
Definition: or.h:920
@ ADDRMAPSRC_NONE
Definition: or.h:934
@ ADDRMAPSRC_DNS
Definition: or.h:929
#define STREAMWINDOW_INCREMENT
Definition: or.h:392
#define STREAMWINDOW_START
Definition: or.h:389
#define END_STREAM_REASON_SOCKSPROTOCOL
Definition: or.h:257
#define END_STREAM_REASON_INVALID_NATD_DEST
Definition: or.h:263
#define END_STREAM_REASON_HTTPPROTOCOL
Definition: or.h:270
#define END_STREAM_REASON_CANT_ATTACH
Definition: or.h:251
#define END_STREAM_REASON_PRIVATE_ADDR
Definition: or.h:266
#define ISO_STREAM
Definition: or.h:868
uint32_t circid_t
Definition: or.h:489
#define ISO_CLIENTPROTO
Definition: or.h:860
#define ISO_DESTADDR
Definition: or.h:856
#define ISO_SESSIONGRP
Definition: or.h:864
uint16_t streamid_t
Definition: or.h:491
#define END_STREAM_REASON_CANT_FETCH_ORIG_DEST
Definition: or.h:260
#define TO_CIRCUIT(x)
Definition: or.h:845
#define RELAY_PAYLOAD_SIZE
Definition: or.h:486
#define ISO_SOCKSAUTH
Definition: or.h:858
#define END_STREAM_REASON_FLAG_ALREADY_SOCKS_REPLIED
Definition: or.h:284
#define ISO_DESTPORT
Definition: or.h:854
#define END_STREAM_REASON_FLAG_ALREADY_SENT_CLOSED
Definition: or.h:280
#define TO_CONN(c)
Definition: or.h:616
#define ISO_NYM_EPOCH
Definition: or.h:866
#define ISO_CLIENTADDR
Definition: or.h:862
#define RELAY_HEADER_SIZE
Definition: or.h:484
#define DOWNCAST(to, ptr)
Definition: or.h:109
#define END_STREAM_REASON_MASK
Definition: or.h:273
#define SOCKS4_NETWORK_LEN
Definition: or.h:444
#define END_CIRC_AT_ORIGIN
Definition: or.h:306
#define ENTRY_TO_CONN(c)
Definition: or.h:619
Origin circuit structure.
long tor_parse_long(const char *s, int base, long min, long max, int *ok, char **next)
Definition: parse_int.c:59
addr_policy_result_t compare_tor_addr_to_node_policy(const tor_addr_t *addr, uint16_t port, const node_t *node)
Definition: policies.c:2887
Header file for policies.c.
addr_policy_result_t
Definition: policies.h:38
@ ADDR_POLICY_PROBABLY_REJECTED
Definition: policies.h:48
@ ADDR_POLICY_REJECTED
Definition: policies.h:42
void rep_hist_note_used_port(time_t now, uint16_t port)
void rep_hist_note_used_internal(time_t now, int need_uptime, int need_capacity)
void rep_hist_note_used_resolve(time_t now)
Header file for predict_ports.c.
int tor_asprintf(char **strp, const char *fmt,...)
Definition: printf.c:75
int tor_snprintf(char *str, size_t size, const char *format,...)
Definition: printf.c:27
int fetch_from_buf_http(buf_t *buf, char **headers_out, size_t max_headerlen, char **body_out, size_t *body_used, size_t max_bodylen, int force_complete)
Definition: proto_http.c:50
Header for proto_http.c.
int fetch_from_buf_socks(buf_t *buf, socks_request_t *req, int log_sockstype, int safe_socks)
Definition: proto_socks.c:829
Header for proto_socks.c.
char * rate_limit_log(ratelim_t *lim, time_t now)
Definition: ratelim.c:42
const char * stream_end_reason_to_string(int reason)
Definition: reasons.c:64
socks5_reply_status_t stream_end_reason_to_socks5_response(int reason)
Definition: reasons.c:100
const char * end_reason_to_http_connect_response_line(int endreason)
Definition: reasons.c:461
uint8_t errno_to_stream_end_reason(int e)
Definition: reasons.c:177
Header file for reasons.c.
void relay_header_unpack(relay_header_t *dest, const uint8_t *src)
Definition: relay.c:491
int connection_edge_package_raw_inbuf(edge_connection_t *conn, int package_partial, int *max_cells)
Definition: relay.c:2153
int connection_edge_send_command(edge_connection_t *fromconn, uint8_t relay_command, const char *payload, size_t payload_len)
Definition: relay.c:732
Header file for relay.c.
Header file for rendcommon.c.
void rep_hist_note_exit_stream_opened(uint16_t port)
Definition: rephist.c:1581
Header file for rephist.c.
int router_compare_to_my_exit_policy(const tor_addr_t *addr, uint16_t port)
Definition: router.c:1692
int should_refuse_unknown_exits(const or_options_t *options)
Definition: router.c:1380
Header file for router.c.
int hexdigest_to_digest(const char *hexdigest, char *digest)
Definition: routerlist.c:749
Header file for routerlist.c.
int server_mode(const or_options_t *options)
Definition: routermode.c:34
Header file for routermode.c.
int routerset_contains_node(const routerset_t *set, const node_t *node)
Definition: routerset.c:353
Header file for routerset.c.
void sendme_connection_edge_consider_sending(edge_connection_t *conn)
Definition: sendme.c:375
Header file for sendme.c.
void * smartlist_bsearch(const smartlist_t *sl, const void *key, int(*compare)(const void *key, const void **member))
Definition: smartlist.c:411
int smartlist_contains_int_as_string(const smartlist_t *sl, int num)
Definition: smartlist.c:147
int smartlist_bsearch_idx(const smartlist_t *sl, const void *key, int(*compare)(const void *key, const void **member), int *found_out)
Definition: smartlist.c:428
void smartlist_insert(smartlist_t *sl, int idx, void *val)
smartlist_t * smartlist_new(void)
int smartlist_contains(const smartlist_t *sl, const void *element)
void smartlist_add(smartlist_t *sl, void *element)
void smartlist_remove(smartlist_t *sl, const void *element)
void smartlist_del_keeporder(smartlist_t *sl, int idx)
#define SMARTLIST_FOREACH_BEGIN(sl, type, var)
socks5_reply_status_t
Definition: socks5_status.h:20
Client request structure.
#define SOCKS_COMMAND_RESOLVE_PTR
#define SOCKS_COMMAND_CONNECT
#define SOCKS_COMMAND_RESOLVE
Definition: cell_st.h:17
uint8_t payload[CELL_PAYLOAD_SIZE]
Definition: cell_st.h:21
char identity_digest[DIGEST_LEN]
Definition: channel.h:378
uint8_t state
Definition: circuit_st.h:110
uint64_t dirreq_id
Definition: circuit_st.h:204
uint16_t marked_for_close
Definition: circuit_st.h:189
uint8_t purpose
Definition: circuit_st.h:111
circid_t n_circ_id
Definition: circuit_st.h:78
time_t timestamp_last_read_allowed
uint8_t state
Definition: connection_st.h:49
struct buf_t * inbuf
struct connection_t * linked_conn
unsigned int type
Definition: connection_st.h:50
uint32_t magic
Definition: connection_st.h:46
unsigned int linked
Definition: connection_st.h:78
uint16_t marked_for_close
uint16_t port
const char * marked_for_close_file
unsigned int purpose
Definition: connection_st.h:51
tor_socket_t s
Definition: connection_st.h:96
tor_addr_t addr
extend_info_t * chosen_exit
struct crypt_path_t * prev
Definition: crypt_path_st.h:75
extend_info_t * extend_info
Definition: crypt_path_st.h:61
struct crypt_path_t * cpath_layer
struct edge_connection_t * next_stream
unsigned int edge_has_sent_end
struct circuit_t * on_circuit
unsigned int is_transparent_ap
socks_request_t * socks_request
struct evdns_server_request * dns_server_request
unsigned int chosen_exit_optional
unsigned int chosen_exit_retries
unsigned int may_use_optimistic_data
struct buf_t * pending_optimistic_data
unsigned int use_cached_ipv4_answers
unsigned int prefer_ipv6_virtaddr
char identity_digest[DIGEST_LEN]
streamid_t stream_id
Definition: half_edge_st.h:24
int connected_pending
Definition: half_edge_st.h:35
int sendmes_pending
Definition: half_edge_st.h:28
int data_pending
Definition: half_edge_st.h:32
ed25519_public_key_t identity_pk
Definition: hs_ident.h:45
ed25519_public_key_t identity_pk
Definition: hs_ident.h:106
uint16_t orig_virtual_port
Definition: hs_ident.h:111
Definition: node_st.h:34
char identity[DIGEST_LEN]
Definition: node_st.h:46
channel_t * p_chan
Definition: or_circuit_st.h:37
edge_connection_t * n_streams
Definition: or_circuit_st.h:39
struct routerset_t * ExcludeExitNodes
struct smartlist_t * RejectPlaintextPorts
struct routerset_t * ExcludeExitNodesUnion_
struct smartlist_t * WarnPlaintextPorts
char * TransProxyType
int LeaveStreamsUnattached
int ClientRejectInternalAddresses
enum or_options_t::@2 TransProxyType_parsed
int AutomapHostsOnResolve
int CircuitStreamTimeout
int ClientDNSRejectInternalAddresses
uint64_t associated_isolated_stream_global_id
struct hs_ident_circuit_t * hs_ident
edge_connection_t * p_streams
unsigned int isolation_values_set
crypt_path_t * cpath
unsigned int isolation_any_streams_attached
streamid_t next_stream_id
smartlist_t * half_streams
uint16_t length
Definition: or.h:523
uint8_t command
Definition: or.h:519
streamid_t stream_id
Definition: or.h:521
unsigned int has_finished
unsigned int socks_use_extended_errors
uint8_t reply[MAX_SOCKS_REPLY_LEN]
socks5_reply_status_t socks_extended_error_code
char address[MAX_SOCKS_ADDR_LEN]
#define STATIC
Definition: testsupport.h:32
#define MOCK_IMPL(rv, funcname, arglist)
Definition: testsupport.h:133
#define tor_assert_nonfatal_unreached()
Definition: util_bug.h:176
#define tor_assert(expr)
Definition: util_bug.h:102
#define tor_fragile_assert()
Definition: util_bug.h:270
void tor_strlower(char *s)
Definition: util_string.c:127
int strcmpstart(const char *s1, const char *s2)
Definition: util_string.c:215
int strcmpend(const char *s1, const char *s2)
Definition: util_string.c:251
int tor_digest_is_zero(const char *digest)
Definition: util_string.c:96